HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Critical Uncontrolled Search Path Vulnerability (CVE‑2024‑2658) in Schneider Electric Floating License Manager

A CWE‑427 flaw in Schneider Electric’s Floating License Manager lets a low‑privileged user load a malicious DLL, achieving SYSTEM privileges and risking service disruption. For SOC 2‑ready organizations, the issue highlights the need for strict control mapping and continuous configuration monitoring.

LiveThreat™ Intelligence · 📅 July 02, 2026· 📰 securelist.com
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
3 recommended
📰
Source
securelist.com

Critical Uncontrolled Search Path Vulnerability (CVE‑2024‑2658) in Schneider Electric Floating License Manager Threatens Industrial Automation Environments

What It Is — A CWE‑427 “Uncontrolled Search Path Element” flaw in the FlexNet Publisher component (up to v11.19.6.0) used by Schneider Electric’s Floating License Manager (FLM). A low‑privileged local user can replace the hard‑coded openssl.cnf file, causing lmadmin.exe to load a malicious DLL and execute code as the service account, potentially escalating to NT AUTHORITY\SYSTEM.

Exploitability — Publicly disclosed; proof‑of‑concept code exists. No known active ransomware‑as‑a‑service exploiting it yet, but the attack chain (local code execution → SYSTEM privilege → lateral movement) is fully documented. CVSS ≈ 7.5 (High).

Affected Products — Schneider Electric Floating License Manager (any version shipping FlexNet Publisher ≤ 11.19.6.0). The underlying FlexNet Publisher library is the root cause.

Why It Matters for Compliance & Audit Readiness

  • Control Mapping – The flaw directly violates SOC 2 CC6.1 (System Operations) and CC7.1 (Change Management) requirements for protecting against unauthorized code execution on critical infrastructure.
  • Continuous Evidence – Detecting and remediating the hard‑coded path requires ongoing configuration monitoring, which can be captured as audit evidence to demonstrate due diligence.
  • Enterprise Buyer Expectations – Industrial OEMs and their downstream customers now demand proof that license‑management services are hardened, making a documented control‑mapping process a decisive factor in contract negotiations.

Recommended Actions

  • Patch/Upgrade – Apply Schneider Electric’s latest FLM release that removes the hard‑coded openssl.cnf reference or upgrades FlexNet Publisher beyond v11.19.6.0.
  • File‑System Guardrails – Restrict write permissions on the OpenSSL configuration directory to administrators only; enforce ACLs and monitoring.
  • Continuous Control Monitoring – Deploy an automated configuration‑integrity tool to flag any changes to openssl.cnf or related DLLs and retain logs for SOC 2 evidence.
  • Privilege‑Separation Review – Verify that lmadmin.exe runs with the least‑privilege account possible; consider service‑hardening or containerization.

Source: SecureList – Schneider Electric CVE‑2024‑2658 Vulnerability

📰 Original Source
https://securelist.com/tr/schneider-electric-cve-2024-2658-vulnerability/120436/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →