Schneider Fixes DTM Vulnerability

Tuesday, August 11, 2015 @ 04:08 PM gHale

Schneider Electric created a patch that mitigates a memory corruption vulnerability in its IMT25 DTM component, according to a report on ICS-CERT.

Digital Security, whose researchers Alexander Bolshev, Gleb Cherbov, and Svetlana Cherkasova discovered the vulnerability, tested the patch to validate that it resolves the remotely exploitable vulnerability.

IMT25 Magnetic Flow DTM, Version 1.500.000 and all previous versions suffer from the issue.

The vulnerability produces an overwritten memory value that could cause a denial of service and potentially remote code execution. The denial of service would impact the DTM component and possibly the Frame Application running the DTM software. Remote code execution means an attacker could execute commands and software at the same level of permissions as the Frame Application on the machine hosting the Frame Application.

Paris, France-based Schneider Electric has offices in more than 100 countries worldwide.

The affected product, IMT25 Magnetic Flow DTM, is an FDT/DTM software library. According to Schneider Electric, it is deployed across several sectors including commercial facilities, critical manufacturing, energy, and water and wastewater systems. Schneider Electric estimates these products see use primarily in the United States and Europe with a small percentage in Asia.

Sending a special reply to a HART command can overwrite a specific memory value. The overwritten memory value can cause a denial of service and remote code execution.

CVE-2015-3977 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 7.7.

No known public exploits specifically target this vulnerability. Crafting a working exploit for this vulnerability would be moderately difficult. Access to an adjacent network would be mandatory. This decreases the likelihood of a successful exploit.

Schneider Electric created a new version to mitigate this vulnerability, and recommends users download and install version 1.500.004 of the DTM software.

Schneider Electric has published Security Notification SEVD-2015-215-01 with details about this vulnerability.

For further information on vulnerabilities in Schneider Electric’s products, see Schneider Electric’s cyber security web page.