
Schneider Electric has an updated version of Zelio Soft 2 that mitigates a use-after-free vulnerability, according to a report from NCCIC.

Successful exploitation of this vulnerability, discovered by 9sg Security Team working with Trend Micro Zero Day Initiative (ZDI), could allow remote code execution through the opening of a specially crafted project file.


Zelio Soft 2, a programming platform, suffers from the remotely exploitable vulnerability in Versions 5.2 and prior.

A use after free vulnerability has been identified, which could cause remote code execution when opening a specially crafted Zelio Soft 2 project file.


CVE-2019-6822 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.

The product is used mainly in the critical manufacturing sector and is deployed on a global basis.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

Schneider Electric said version 5.3 of the affected software mitigates the reported vulnerability.
