Device Driver Vulnerability Found

Wednesday, October 26, 2011 @ 09:10 PM gHale


There is a buffer overflow vulnerability in the UnitelWay Windows Device Driver, a component in several Schneider Electric products.

ICS-CERT coordinated this vulnerability report with Schneider Electric. The vendor has produced a fix that resolves this vulnerability. ICST has successfully tested and validated that this fix fully resolves this vulnerability. Researcher Kuang-Chun Hung of Security Research and Service Institute – Information and Communication Security Technology Center (ICST) discovered the vulnerability.

The following products are affected by the vulnerability:
• Unity Pro, Version 6 and prior on the Windows XP platform
• OPC Factory Server, Version 3.34 on the Windows XP platform
• Vijeo Citect, Version 7.20 and prior on the Windows XP platform
• Telemecanique Driver Pack, Version 2.6 and prior on the Windows XP platform
• Monitor Pro, Version 7.6 and prior on the Windows XP platform
• PL7 Pro, Version 4.5 and prior on the Windows XP platform

Exploitation of this vulnerability will allow an attacker to run arbitrary code on the targeted system. Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their environment, architecture, and product implementation.

Schneider Electric is a manufacturer and integrator of energy management equipment and software. Schneider Electric systems are found in the energy, manufacturing, building automation, and information technology sectors. Schneider Electric reports operations in over 100 countries worldwide.

Passing an oversized input string to a parameter on a system using the UnitelWay Windows Device Driver causes a buffer overflow that allows arbitrary code execution. The vulnerability is designated CVE-2011-3330.

This vulnerability is not remotely exploitable. At this point, this vulnerability does not have a target. An attacker with a low skill level can create a denial of service, whereas executing arbitrary code would require a more skilled attacker.

Schneider Electric created a fix that modifies one of the libraries of the UnitelWay Windows Device Driver. Schneider Electric has also issued a customer notification describing the vulnerability.

Because installing the fix does not affect the functionality of the existing version, Schneider Electric recommends that all customers install it.

Schneider Electric recommends users requiring additional assistance contact their global support center or a local customer service center. Contact information is available at the following web addresses.

Vijeo Citect customers should contact Schneider Electric’s SCADA and MES Software Support Center.


