While addressing a buffer overflow vulnerability in its SoMove Lite software package, Schneider Electric identified other vulnerable products. Schneider Electric has produced a patch that mitigates this remotely exploitable vulnerability, according to a report on ICS-CERT.

The following Schneider Electric software platforms install affected Device Type Managers (DTMs) with an affected DLL which could lead to the buffer overflow:
• Unity Pro, all versions
• SoMachine, all versions
• SoMove, all versions
• SoMove Lite, all versions

The following Schneider Electric DTM libraries suffer from the issue:
• Modbus Communication Library, Version 2.2.6 and prior
• CANopen Communication Library, Version 1.0.2 and prior
• EtherNet/IP Communication Library, Version 1.0.0 and prior
• EM X80 Gateway DTM (MB TCP/SL)
• Advantys DTMs (OTB, STB)
• Xantrex DTMs

Successfully exploiting this vulnerability could allow a remote attacker to execute arbitrary code, according to Ariele Caltabiano (kimiya) with HP’s Zero Day Initiative (ZDI), who reported the vulnerability to ICS-CERT.

Paris, France-based Schneider Electric maintains offices in more than 100 countries worldwide. Unity Pro is development software used to test, debug, and manage applications. SoMachine is a single software environment for developing, configuring, and commissioning automation machinery. SoMove is setup software for motor control devices. Schneider Electric estimates these products see use globally.

A DLL in a DTM development kit, which ends up installed during DTM setup, could be vulnerable to a buffer overflow that may allow an attacker to remotely execute code.

CVE-2014-9200 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 7.5.

No known public exploits specifically target this vulnerability, but an attacker with low skill would be able to exploit it.

Schneider Electric released a patch that resolves the vulnerability by removing the vulnerable DLL.

See Schneider Electric’s security notice SEVD-2015-009-01.