Floating License Manager Hole Fixed

Friday, February 28, 2014 @ 12:02 PM gHale


Schneider Electric created a patch that mitigates an “unquoted service path” vulnerability in its Floating License Manager, according to a report on ICS-CERT.

Schneider Electric Floating License Manager Versions V1.0.0 through V1.4.0 suffer from the issue. This license manager is in five Schneider Electric products.


The unquoted service path vulnerability affects one of the services installed by the Floating License Manager. This vulnerability could allow attackers to start malicious programs as Windows services.

This license manager is in the following Schneider Electric products:
• Power Monitoring Expert
• Struxureware process Expert (PES)
• Struxureware process Expert libraries
• Vijeo Citect (SCADA)
• Vijeo Citect Historian

Schneider Electric is a European-based company that maintains offices in 190 countries worldwide.

These products are industrial active energy management control products, deployed across several sectors including the energy, water and wastewater systems, commercial facilities, government facilities, food and agriculture, and transportation systems. Schneider Electric estimates these products see use primarily in the United States and North America.

In the Floating License Manager vulnerability, when the executable path of a service contains blanks, attackers can exploit this to execute malicious programs.

CVE-2014-0759 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 6.9.

This vulnerability is not exploitable remotely and cannot be exploited without user interaction. The exploit triggers when a local user runs the vulnerable application, and the executable path of a service contains blanks. Attackers can exploit this to start malicious programs as Windows services. To avoid this, such service paths in the registry must be surrounded with quotes.
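The check implied by that mitigation, as an added example (not code from Schneider Electric or ICS-CERT): it flags service command lines whose executable path contains blanks but is not quoted, and proposes the quoted form. The service names and paths are constructed samples; on a real host the values would come from each service's `ImagePath` under `HKLM\SYSTEM\CurrentControlSet\Services`.

```python
import re

# Constructed sample ImagePath values (not taken from the advisory or the product).
SAMPLE_SERVICES = {
    "ExampleLicenseSvc": r"C:\Program Files\Example Vendor\License Manager\lmsvc.exe -run",
    "QuotedSvc": r'"C:\Program Files\Example Vendor\agent.exe" --service',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "DriverSvc": r"\SystemRoot\System32\drivers\example.sys",
}

# Heuristic: the executable ends at the first .exe/.com/.bat/.cmd that is
# followed by whitespace or the end of the string.
EXE_END = re.compile(r"\.(exe|com|bat|cmd)(?=\s|$)", re.IGNORECASE)


def quoted_fix(image_path):
    """Return the corrected (quoted) command line if image_path is an
    unquoted service path containing blanks, otherwise None."""
    value = image_path.strip()
    if value.startswith('"'):
        return None                      # already quoted
    match = EXE_END.search(value)
    if match is None:
        return None                      # driver or other non-executable entry
    exe, args = value[:match.end()], value[match.end():].strip()
    if not any(ch.isspace() for ch in exe):
        return None                      # no blanks, so nothing ambiguous
    return f'"{exe}"' + (f" {args}" if args else "")


def find_unquoted_service_paths(services):
    """Map each affected service name to its suggested quoted ImagePath."""
    findings = {}
    for name, image_path in services.items():
        fixed = quoted_fix(image_path)
        if fixed is not None:
            findings[name] = fixed
    return findings


if __name__ == "__main__":
    for name, fixed in find_unquoted_service_paths(SAMPLE_SERVICES).items():
        print(f"{name}: unquoted path with blanks; suggested ImagePath: {fixed}")
```

Values stored as `REG_EXPAND_SZ` should have their environment variables expanded before the check, since a variable such as `%ProgramFiles%` can expand to a path that contains a blank.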

No known public exploits specifically target this vulnerability. An attacker with moderate skill would be able to exploit this vulnerability.

Deployments of the Schneider Electric products using the vulnerable Floating License Manager should automatically update via the Schneider Electric Software Update system.

Click here to view Schneider Electric’s latest download patches and known vulnerabilities.


