Schneider Electric released new firmware to mitigate a resource exhaustion vulnerability in its Conext ComBox product, according to a report filed with ICS-CERT.
The vulnerability, discovered by Arik Kublanov and Mark Liapustin of Nation-E Ltd, affects the Conext ComBox solar battery monitor, model 865-1058, in all firmware versions prior to V3.03 BN 830.
Successful exploitation of this remotely exploitable vulnerability could cause the device to self-reboot, constituting a denial of service.
The product sees use in the energy sector and is deployed on a global basis, according to Paris, France-based Schneider.
No known public exploits specifically target this vulnerability. However, an attacker with a low skill level would be able to exploit it.
With the resource exhaustion vulnerability, a series of rapid requests to the device may cause it to reboot.
CVE-2017-6019 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
The new firmware (V3.03 BN 830) is available for download.
Users can learn more about this vulnerability and the associated firmware fix by reading Schneider Electric’s security notification SEVD-2017-052-01.