Critical Uncontrolled Search Path Vulnerability (CVE‑2024‑2658) in Schneider Electric Floating License Manager Threatens Industrial Automation Environments
What It Is — A CWE‑427 “Uncontrolled Search Path Element” flaw in the FlexNet Publisher component (up to v11.19.6.0) used by Schneider Electric’s Floating License Manager (FLM). A low‑privileged local user can replace the hard‑coded openssl.cnf file, causing lmadmin.exe to load a malicious DLL and execute code as the service account, potentially escalating to NT AUTHORITY\SYSTEM.
Exploitability — Publicly disclosed; proof‑of‑concept code exists. No known active ransomware‑as‑a‑service exploiting it yet, but the attack chain (local code execution → SYSTEM privilege → lateral movement) is fully documented. CVSS ≈ 7.5 (High).
Affected Products — Schneider Electric Floating License Manager (any version shipping FlexNet Publisher ≤ 11.19.6.0). The underlying FlexNet Publisher library is the root cause.
Why It Matters for Compliance & Audit Readiness
- Control Mapping – The flaw directly violates SOC 2 CC6.1 (System Operations) and CC7.1 (Change Management) requirements for protecting against unauthorized code execution on critical infrastructure.
- Continuous Evidence – Detecting and remediating the hard‑coded path requires ongoing configuration monitoring, which can be captured as audit evidence to demonstrate due diligence.
- Enterprise Buyer Expectations – Industrial OEMs and their downstream customers now demand proof that license‑management services are hardened, making a documented control‑mapping process a decisive factor in contract negotiations.
Recommended Actions
- Patch/Upgrade – Apply Schneider Electric’s latest FLM release that removes the hard‑coded
openssl.cnfreference or upgrades FlexNet Publisher beyond v11.19.6.0. - File‑System Guardrails – Restrict write permissions on the OpenSSL configuration directory to administrators only; enforce ACLs and monitoring.
- Continuous Control Monitoring – Deploy an automated configuration‑integrity tool to flag any changes to
openssl.cnfor related DLLs and retain logs for SOC 2 evidence. - Privilege‑Separation Review – Verify that
lmadmin.exeruns with the least‑privilege account possible; consider service‑hardening or containerization.
Source: SecureList – Schneider Electric CVE‑2024‑2658 Vulnerability