ICSA-21-287-01 · Published 2021-10-14 · View on CISA ICS-CERT
Schneider Electric CNM
CVSS 7.8
HIGH
Risk Summary
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands.
CVEs (1)
Remediations
- STEP 1: Download and run the CNM Alarms Disabler Tool.
- Usage: Place the disabler tool and the .cxn project file in the same directory. From a shell prompt in that directory, execute the following command: disabler -projectfile {source project filename} -resultfile {converted project filename}
- Important: The converter secures and modifies the CNM database and writes the result to a new project file; the original file is left unchanged. Run the converter on every database that comes from an untrusted source before it is loaded into CNM. Because the original is never modified, it is still the untrusted copy: if it needs to be loaded again, it must be converted again first.
- STEP 2: Set up the “Edit Password” in the CNM software. “Edit Mode” is enabled by default, so edit protection is only active once the user switches to “Run mode”; do this before exiting the application. Refer to the chapter “Edit Mode” of the CNM user manual (packaged in the .iso file).
- Schneider Electric also recommends that users apply these patches with appropriate patching methodologies. Take back-ups and evaluate the impact of the patches in a Test and Development environment or on an offline infrastructure first. Contact Schneider Electric's Customer Care Center if you need assistance removing a patch.
- Harden the workstation running ConneXium Network Manager (CNM) Software.
- Do not load .cxn files received from untrusted sources.
- Run CNM in a session without administrator rights whenever those rights are not needed.
- For more information see Schneider Electric's security notification: SEVD-2021-285-02
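The STEP 1 workflow above, as an added shell wrapper. This is example code written for this page, not Schneider Electric's tool or anything from the advisory. It assumes the converter is an executable named disabler placed in the same directory as the project file (override the name with DISABLER_NAME), and the "<file>.sha256" sidecar used to mark converted copies is this script's own convention, not a CNM feature. It runs the converter exactly as the usage line describes, checks that the original file was left byte-identical as the advisory states, and provides a pre-load gate that only passes files which have been through the converter, so that the unconverted original is rejected until it is converted again.

```shell
#!/bin/sh
# Added example, not Schneider Electric's or CISA's code: wraps the CNM Alarms
# Disabler Tool workflow (STEP 1 of the advisory's remediations).
# Assumptions (not stated in the advisory): the tool is an executable named
# "disabler" in the project file's directory, and the "<file>.sha256" sidecar
# written here is this script's own convention for marking converted copies.

DISABLER_NAME="${DISABLER_NAME:-disabler}"

# Print the SHA-256 of a file using whichever tool the host provides.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# convert_cxn SOURCE.cxn RESULT.cxn
# Converts an untrusted project with the disabler and records the result's hash.
# Returns 0 on success; 2 on a precondition failure; 3 if the tool failed or
# produced no output; 4 if the source file changed during the run.
convert_cxn() {
    src="$1"; dst="$2"
    [ -f "$src" ] || { echo "source project not found: $src" >&2; return 2; }
    case "$src" in *.cxn) ;; *) echo "not a .cxn project: $src" >&2; return 2;; esac
    [ "$src" != "$dst" ] || { echo "result must not overwrite the source" >&2; return 2; }
    [ ! -e "$dst" ] || { echo "result already exists, refusing to overwrite: $dst" >&2; return 2; }

    dir=$(dirname "$src")
    [ "$(dirname "$dst")" = "$dir" ] || { echo "result must live beside the source" >&2; return 2; }
    # The advisory requires tool and project file to share a directory.
    [ -x "$dir/$DISABLER_NAME" ] || { echo "$DISABLER_NAME not found in $dir" >&2; return 2; }

    before=$(file_sha256 "$src")
    # Run from inside the directory, exactly as the advisory's usage line does.
    ( cd "$dir" && "./$DISABLER_NAME" -projectfile "$(basename "$src")" \
                                       -resultfile "$(basename "$dst")" ) \
        || { echo "disabler exited with an error" >&2; return 3; }
    [ -s "$dst" ] || { echo "disabler produced no output: $dst" >&2; return 3; }

    # The advisory states the original is never modified; any change means the
    # run cannot be trusted, so discard the output rather than mark it converted.
    after=$(file_sha256 "$src")
    if [ "$before" != "$after" ]; then
        echo "source changed during conversion, discarding result" >&2
        rm -f "$dst"
        return 4
    fi
    file_sha256 "$dst" > "$dst.sha256"
    return 0
}

# is_converted FILE.cxn
# Pre-load gate: returns 0 only if FILE has a recorded hash and still matches it.
# The untrusted original never receives a record, so it is rejected until it is
# converted again, which is the advisory's "must be converted first" rule.
is_converted() {
    f="$1"
    [ -f "$f" ] && [ -f "$f.sha256" ] || return 1
    [ "$(cat "$f.sha256")" = "$(file_sha256 "$f")" ]
}

# Stand-alone use: sh convert_cxn.sh untrusted.cxn untrusted-converted.cxn
if [ "$#" -eq 2 ]; then
    convert_cxn "$1" "$2"
fi
```

Use is_converted as the check an operator or launch script performs immediately before opening a project in CNM; because the sidecar is re-verified against the file's current hash, a converted copy that is later edited or replaced by an untrusted file stops passing the gate until it is converted again.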
Affected Vendors
Schneider Electric Software, LLC
Affected Products (1)
Schneider Electric Software, LLC · ConneXium Network Manager · vers:all/* (all versions)
Affected Sectors
Critical Manufacturing, Energy