CVE-2024-2747
📋 TL;DR
CVE-2024-2747 is an unquoted search path vulnerability in Schneider Electric's Easergy Studio software that allows local authenticated users to escalate privileges by placing malicious executables in directories with spaces in their names. This affects users running vulnerable versions of Easergy Studio on Windows systems. Attackers can gain SYSTEM-level access by exploiting the way Windows handles executable paths.
💻 Affected Systems
- Schneider Electric Easergy Studio
📦 What is this software?
Easergy Studio by Schneider Electric
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with SYSTEM privileges, allowing installation of persistent malware, credential theft, and lateral movement across the network.
Likely Case
Local privilege escalation from standard user to SYSTEM/administrator on the affected machine, enabling further attacks.
If Mitigated
Limited to user-level access with proper file permissions and security controls in place.
🎯 Exploit Status
Requires local authenticated access and ability to create files in specific directories. Exploitation is straightforward once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: V2.0.1
Vendor Advisory: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-100-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-100-01.pdf
Restart Required: Yes
Instructions:
1. Download Easergy Studio V2.0.1 from Schneider Electric's official website. 2. Uninstall previous versions. 3. Install V2.0.1. 4. Restart the system.
🔧 Temporary Workarounds
Restrict File Creation Permissions
windowsLimit write permissions to directories in the Easergy Studio installation path to prevent malicious file placement.
icacls "C:\Program Files\Easergy Studio" /deny Users:(OI)(CI)W
Remove Spaces from Installation Path
windowsReinstall Easergy Studio to a directory path without spaces to mitigate the unquoted search path issue.
🧯 If You Can't Patch
- Implement strict file permissions on Easergy Studio directories to prevent unauthorized file creation
- Monitor for suspicious file creation in Easergy Studio directories and privilege escalation attempts
🔍 How to Verify
Check if Vulnerable:
Check Easergy Studio version in Help > About. If version is below V2.0.1, the system is vulnerable.Check Version:
Check 'Help > About' in Easergy Studio GUI or examine installation directory propertiesVerify Fix Applied:
Verify Easergy Studio version is V2.0.1 or higher in Help > About menu.📡 Detection & Monitoring
Log Indicators:
- Windows Event Logs showing privilege escalation attempts
- File creation events in Easergy Studio directories by non-admin users
Network Indicators:
- Unusual outbound connections from systems running Easergy Studio
SIEM Query:
EventID=4688 AND ProcessName LIKE '%easergy%' AND NewProcessName='cmd.exe' OR EventID=4688 AND ProcessName LIKE '%easergy%' AND IntegrityLevel='System'