Arbitrary OS Command Execution Vulnerability in Schneider Electric Struxureware Building Operations Automation Server

Arbitrary OS Command Execution Vulnerability in Schneider Electric Struxureware Building Operations Automation Server

CVE-2016-2278 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism.

Learn more about our Cis Benchmark Audit For Server Software.