CVE-2016-2278

HIGH

Schneider Electric Struxureware Building Operations Automation Server < 1.7 - Authenticated OS Command Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-2278. PoCs published by Karn Ganeshen.

AI-analyzed exploit summary This writeup details multiple vulnerabilities in Schneider Electric's Automation Server, including weak credential management, OS command injection (CVE-2016-2278), and privilege escalation to root via sudo. The command injection allows bypassing the restricted shell (msh) by appending commands with '|'.

Description

Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism.

Exploits (1)

exploitdb WRITEUP

by Karn Ganeshen · textremotehardware

https://www.exploit-db.com/exploits/39522

View Code ZIP pw:eip

This writeup details multiple vulnerabilities in Schneider Electric's Automation Server, including weak credential management, OS command injection (CVE-2016-2278), and privilege escalation to root via sudo. The command injection allows bypassing the restricted shell (msh) by appending commands with '|'.

Classification

Writeup 90%

Attack Type

Rce | Lpe | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Schneider Electric Automation Server Series (AS, AS-P), v1.7 and prior

Auth required

Prerequisites: SSH access with default admin/admin credentials

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation T1078 - Valid Accounts

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory x_refsource_confirm

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-025-01

Third Party Advisory, US Government Resource x_refsource_misc

https://ics-cert.us-cert.gov/advisories/ICSA-16-061-01

Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/39522/

Scores

CVSS v3 7.2

EPSS 0.1343

EPSS Percentile 95.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-284

Status published

Products (2)

schneider-electric/struxureware_building_operations_automation_server_as-p_firmware 1.7

schneider-electric/struxureware_building_operations_automation_server_as_firmware < 1.7

Published Mar 02, 2016

Tracked Since Feb 18, 2026