Schneider Electric has new software to mitigate multiple vulnerabilities in the Java Runtime Environment running on its Trio TView, according to a report from ICS-CERT.

Trio TView Software, TBUMPROG-TVIEW, Version 3.27.0 and prior suffers from the issues, which were discovered by Karn Ganeshen.

Exploitation of these vulnerabilities may allow a remote attacker to compromise the Trio TView Management Suite.

Public exploits are available. The product sees use in the energy sector on a global basis. An attacker with low skill level would be able to leverage the vulnerabilities.

A Java Runtime Environment is provided with TView. The Java Runtime Environment 1.6.0u27 is reported to have multiple vulnerabilities which may impact TView Version 3.27.0 and earlier.

The breakdown of the vulnerabilities by CVSS score is as follows:
• 180 vulnerabilities have a CVSS base score of 7.0-10
• 161 vulnerabilities have a CVSS base score of 4.0-6.9
• 24 vulnerabilities have a CVSS base score of 0.0-3.9

For more information on these vulnerabilities, see Schneider Electric Security Notification SEVD-2017-199-01.

The Java Runtime Environment 1.8.0u131 is provided with TView Version 3.29.0 and is not affected by these vulnerabilities.

Schneider Electric recommends users obtain the software with the fix for these vulnerabilities.
