Schneider Electric has released updated software to mitigate a buffer overflow and a DLL hijacking vulnerability in its SoMachine HVAC programming software, according to an advisory published by ICS-CERT.
SoMachine HVAC, the PLC programming software for Schneider Electric's Modicon M171 and M172 logic controllers, is affected in versions 2.1.0 and prior.
Independent researcher Zhou YU reported the buffer overflow vulnerability to ICS-CERT; security researcher Himanshu Mehta reported the DLL hijacking vulnerability to Schneider Electric.
Successful exploitation of these vulnerabilities could allow code execution on the workstation running the software, and the buffer overflow could also crash the affected application or host.
No known public exploits specifically target these vulnerabilities. They are not remotely exploitable, but an attacker with a low skill level could exploit them given local access.
AlTracePrint.exe, installed by the SoMachine HVAC v2.1.0 programming software, can be called in a way that leads to a buffer overflow.
This vulnerability has been assigned CVE-2017-7965 and a CVSS v3 base score of 7.8.
In addition, improper loading of a DLL could allow an unauthenticated attacker to execute arbitrary code on the target system: if the application looks for the DLL in a location an attacker can write to, the attacker's DLL is loaded in place of the intended one and runs with the privileges of the user who started the application.
This vulnerability has been assigned CVE-2017-7966, also with a CVSS v3 base score of 7.8.
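As an added example (not part of the ICS-CERT advisory and not Schneider Electric's own code), the following PowerShell script audits the directories on an executable's default DLL search path for write access by low-privileged principals, which is the precondition for the DLL hijacking class of bug described above. The install path of AlTracePrint.exe is an assumption and should be replaced with the real location on the workstation; the script only models the standard SafeDllSearchMode search order and does not know which DLL name the application actually requests.

```powershell
# Added example: audit the DLL search path of an installed executable for
# directories that a low-privileged user can write to. A writable directory
# earlier in the search order than the legitimate DLL lets an attacker plant
# a DLL that the application loads instead (DLL hijacking).
# The default value of -ExePath is an assumption; point it at the real binary.

param(
    [string]$ExePath = 'C:\Program Files (x86)\Schneider Electric\SoMachine HVAC\AlTracePrint.exe'
)

# Principals whose write access makes a directory a hijack candidate.
$weakPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Any of these rights on a directory allows creating or replacing a file in it.
$writeMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
             [System.Security.AccessControl.FileSystemRights]::WriteData

function Test-WeakWriteAcl {
    param([string]$Directory)
    try {
        $acl = Get-Acl -LiteralPath $Directory -ErrorAction Stop
    } catch {
        Write-Warning "Could not read ACL of $Directory : $($_.Exception.Message)"
        return $false
    }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($weakPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $writeMask) -ne 0) { return $true }
    }
    return $false
}

# Default DLL search order with SafeDllSearchMode enabled:
# 1. application directory, 2. System32, 3. the 16-bit System directory,
# 4. the Windows directory, 5. the current directory, 6. each PATH entry.
# The current directory of this PowerShell session is used as an assumption
# for step 5; the application's real working directory at launch may differ.
$appDir = Split-Path -Parent $ExePath
$searchDirs = @(
    $appDir,
    [Environment]::GetFolderPath('System'),
    (Join-Path $env:windir 'System'),
    $env:windir,
    (Get-Location).Path
) + ($env:Path -split ';' | Where-Object { $_ -ne '' })

$seen = @{}
foreach ($dir in $searchDirs) {
    $full = [System.IO.Path]::GetFullPath($dir)
    $key = $full.ToLowerInvariant()
    if ($seen.ContainsKey($key)) { continue }
    $seen[$key] = $true

    if (-not (Test-Path -LiteralPath $full -PathType Container)) {
        # A non-existent PATH entry is still dangerous if a low-privileged
        # user can create it, so report it rather than silently skipping.
        Write-Output ("MISSING   " + $full)
        continue
    }
    if (Test-WeakWriteAcl -Directory $full) {
        Write-Output ("WRITABLE  " + $full)
    } else {
        Write-Output ("ok        " + $full)
    }
}
```

Any line reported as WRITABLE that comes before the directory holding the legitimate DLL is a planting location for an attacker with a local, unprivileged account. The script does not account for KnownDLLs, side-by-side manifests or the WOW64 redirection of System32 for 32-bit binaries, and it cannot tell which DLL name the application asks for; a Process Monitor trace of the application start, filtered on CreateFile results of NAME NOT FOUND for .dll paths, identifies the specific DLL and the directory order actually used. The vendor update remains the fix; this check only shows whether the workstation's file system layout makes the bug class exploitable.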
The product is used in multiple sectors, including critical manufacturing, dams, defense industrial base, energy, food and agriculture, government facilities, nuclear reactors, materials and waste, transportation systems, and water and wastewater systems, and is deployed worldwide.
Schneider Electric recommends that users of the SoMachine HVAC programming software update to SoMachine HVAC v2.2. The update is available from Schneider Electric's download site:
http://www.schneider-electric.com/en/download/document/SoMachine HVAC – Programming Software for Modicon M171-M172 Logic Controllers
Schneider Electric's security notices SEVD-2017-125-01 and SEVD-2017-125-02 are available for the two vulnerabilities.