Schneider Electric is developing a firmware update to mitigate a buffer overflow vulnerability in its ConneXium firewall product, according to an ICS-CERT report.
This vulnerability, discovered by independent researcher Nir Giller, is remotely exploitable.
The following ConneXium firewalls suffer from the issue:
• TCSEFEC23F3F20 all versions
• TCSEFEC23F3F21 all versions
• TCSEFEC23FCF20 all versions
• TCSEFEC23FCF21 all versions
• TCSEFEC2CF3F20 all versions
Exploiting this vulnerability could cause a buffer overflow that allows an attacker to execute code during the SNMP (Simple Network Management Protocol) login authentication process.
Schneider Electric is headquartered in Paris, France, and maintains offices in more than 100 countries worldwide.
ConneXium firewalls are network firewalls deployed across several industries, mainly in the commercial facilities sector. Schneider Electric said these products are used on a global basis.
A buffer overflow can be triggered during the SNMP login authentication process that may allow an attacker to remotely execute code.
CVE-2016-8352 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 10.0.
No known public exploits specifically target this vulnerability. However, an attacker with low skill would be able to exploit it.
Schneider Electric is in the process of updating ConneXium firewall products to resolve this vulnerability through a firmware update. The updated firmware will be available on the Schneider Electric web site for download.
Schneider Electric recommends users contact their Schneider representative for additional information.