While addressing a buffer overflow vulnerability in its SoMove Lite software package, Schneider Electric identified other vulnerable products. Schneider Electric has produced a patch that mitigates this remotely exploitable vulnerability, according to a report on ICS-CERT.
The following Schneider Electric software platforms install affected Device Type Managers (DTMs) with an affected DLL which could lead to the buffer overflow:
• Unity Pro, all versions
• SoMachine, all versions
• SoMove, all versions
• SoMove Lite, all versions
The following Schneider Electric DTM libraries suffer from the issue:
• Modbus Communication Library, Version 2.2.6 and prior
• CANopen Communication Library, Version 1.0.2 and prior
• EtherNet/IP Communication Library, Version 1.0.0 and prior
• EM X80 Gateway DTM (MB TCP/SL)
• Advantys DTMs (OTB, STB)
• KINOS DTM
• SOLO DTM
• Xantrex DTMs
Successfully exploiting this vulnerability could allow a remote attacker to execute arbitrary code, according to Ariele Caltabiano (kimiya) with HP’s Zero Day Initiative (ZDI), who reported the vulnerability to ICS-CERT.
Paris, France-based Schneider Electric maintains offices in more than 100 countries worldwide. Unity Pro is development software used to test, debug, and manage applications. SoMachine is a single software environment for developing, configuring, and commissioning automation machinery. SoMove is setup software for motor control devices. Schneider Electric estimates these products see use globally.
A DLL in a DTM development kit, which is installed during DTM setup, could be vulnerable to a buffer overflow that may allow an attacker to remotely execute code.
CVE-2014-9200 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 7.5.
No known public exploits specifically target this vulnerability, but an attacker with low skill would be able to exploit it.
Schneider Electric released a patch that resolves the vulnerability by removing the vulnerable DLL. The patch is available from Schneider Electric.
Details are in Schneider Electric’s security notice SEVD-2015-009-01.