Schneider Electric has a new version of software to fix a use-after-free vulnerability in its Zelio Soft 2, according to a report with NCCIC.

Successful exploitation of this vulnerability could allow for remote code execution when opening a specially crafted project file.

Zelio Soft 2, a programming platform, suffers from the vulnerability in Versions 5.1 and prior. Trend Micro’s Zero Day Initiative, working with rgod and mdm of 9SG Security Team, discovered the issue.

Opening a specially crafted Zelio Soft project file may trigger the use-after-free condition, which may allow remote code execution.

CVE-2018-7817 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.

The product sees use mainly in the critical manufacturing sector and is deployed on a global basis.

No known public exploits specifically target this vulnerability. This vulnerability is not exploitable remotely. However, an attacker with low skill level could leverage the vulnerability.

Users can now download Schneider Electric’s Version 5.2 of the affected software.

Schneider Electric has also released a security notification.
