CVE-2024-8422
📋 TL;DR
A use-after-free vulnerability in Zelio Soft 2 allows arbitrary code execution when a malicious project file is opened. This affects users of Schneider Electric's Zelio Soft 2 software who open untrusted project files. Attackers can execute code with the privileges of the user running the software.
💻 Affected Systems
- Schneider Electric Zelio Soft 2
📦 What is this software?
Zelio Soft 2 by Schneider Electric
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise via arbitrary code execution with user privileges, leading to data theft, ransomware deployment, or persistent backdoor installation.
Likely Case
Malicious project files delivered via phishing or compromised websites lead to code execution, potentially installing malware or stealing sensitive data.
If Mitigated
With proper controls, impact is limited to the user account running Zelio Soft 2, with potential data loss but no system-wide compromise.
🎯 Exploit Status
Exploitation requires user interaction to open a malicious file. No public exploit code is currently available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check the Schneider Electric advisory for the specific fixed version
Vendor Advisory: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-282-06.pdf
Restart Required: Yes
Instructions:
1. Download the latest version from Schneider Electric's official website.
2. Uninstall the current version.
3. Install the updated version.
4. Restart the system.
🔧 Temporary Workarounds
Restrict project file execution
Windows: Block execution of Zelio Soft 2 project files from untrusted sources
Run with limited privileges
Windows: Run Zelio Soft 2 with a standard user account instead of administrator privileges
🧯 If You Can't Patch
- Implement application whitelisting to prevent execution of Zelio Soft 2 from untrusted locations
- Use email filtering and web proxies to block malicious project files
🔍 How to Verify
Check if Vulnerable:
Check Zelio Soft 2 version against Schneider Electric's advisory. If using any version prior to the patched version, you are vulnerable.
Check Version:
Open Zelio Soft 2 and check Help > About, or check the program's file properties in Windows
Verify Fix Applied:
Verify the installed version matches or exceeds the patched version specified in the vendor advisory.
📡 Detection & Monitoring
Log Indicators:
- Unusual process creation from Zelio Soft 2
- Multiple failed file opening attempts
- Crash logs from Zelio Soft 2
Network Indicators:
- Outbound connections from Zelio Soft 2 to unknown IPs
- DNS requests for suspicious domains after file opening
SIEM Query:
Process Creation where Parent Process contains 'zelio' AND (Command Line contains '.zls2' OR Command Line contains '.zls')
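As an added example, not part of the original page, the SIEM rule above turned into a small Python triage script run over constructed Sysmon-style process-creation events. The field names, the Zelio Soft 2 install path and the list of expected child processes are assumptions; the project-file extensions are the ones the rule names.

```python
import os

# Project-file extensions as named in the page's SIEM query.
PROJECT_EXTENSIONS = (".zls2", ".zls")

# Assumption: child processes Zelio Soft 2 is expected to spawn on a
# workstation; tune to your own baseline. Anything else is alerted on.
EXPECTED_CHILDREN = {"conhost.exe", "werfault.exe"}

ZELIO = r"C:\Program Files (x86)\Schneider Electric\Zelio Soft 2\zeliosoft2.exe"  # assumed path

# Constructed Sysmon Event ID 1 (process creation) records, not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\conhost.exe", "CommandLine": "conhost.exe 0x4",
     "ParentImage": ZELIO, "ParentCommandLine": r'"zeliosoft2.exe" C:\Users\op\Downloads\invoice.zls2'},
    {"Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c whoami",
     "ParentImage": ZELIO, "ParentCommandLine": r'"zeliosoft2.exe" C:\Users\op\Downloads\invoice.zls2'},
    {"Image": r"C:\Windows\explorer.exe", "CommandLine": "explorer.exe project.zls2",
     "ParentImage": r"C:\Windows\System32\userinit.exe", "ParentCommandLine": "userinit.exe"},
]


def matches_siem_rule(event):
    """The page's rule: parent process contains 'zelio' AND a command line names a project file.

    The project file normally sits on the *parent's* command line (the file Zelio Soft 2
    opened), so both the child's and the parent's command lines are checked.
    """
    if "zelio" not in event.get("ParentImage", "").lower():
        return False
    cmdlines = (event.get("CommandLine", "") + " " + event.get("ParentCommandLine", "")).lower()
    return any(ext in cmdlines for ext in PROJECT_EXTENSIONS)


def triage(event):
    """Return 'expected', 'unexpected-child', or None when the rule does not fire."""
    if not matches_siem_rule(event):
        return None
    child = os.path.basename(event.get("Image", "").replace("\\", "/")).lower()
    return "expected" if child in EXPECTED_CHILDREN else "unexpected-child"


def scan(events):
    """Reduce a batch of events to the unexpected children worth an analyst's time."""
    return [{"child": e["Image"], "parent_cmd": e["ParentCommandLine"]}
            for e in events if triage(e) == "unexpected-child"]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print("ALERT:", alert)
```

Only the second sample event (a shell spawned while a downloaded project file is open) survives triage; the expected console host is suppressed and the explorer.exe event never fires because its parent is not Zelio Soft 2.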