February 1, 2024
Montelektro’s IT department has released information about the latest updates to the security notification issued by Schneider Electric on December 12, 2023, in response to our primary concerns about the cybersecurity of software solutions provided to our clients.
In this security notification, Schneider Electric informs users that the vulnerability in Redis (a persistent key-value database), identified as CVE-2022-0543 and publicly disclosed in 2022, affects Plant iT product v9.60 and above.
According to information received from Schneider Electric, it was discovered that Redis, a persistent key-value database, is prone to a Lua sandbox escape due to a packaging issue, which could result in remote code execution.
The ProLeit help desk confirmed that the Redis database supplied with ProLeit products can be compromised through this vulnerability; a security update has been developed to fix it for multiple Plant iT versions. It is strongly recommended to install the security update on the affected computers.
Our IT team at Montelektro will stay in touch with ProLeit to keep track of any potential new vulnerability events in our customers’ Plant iT systems.
Advisories can be found at the following links:
Security Advisory – CVE 2022-0543 Redis Lua sandbox escape, February 2, 2024
Security Advisory – CVE 2022-0543 Redis Lua sandbox escape, December 13, 2023