Schneider Fixes OFS Server Hole

Friday, May 22, 2015 @ 02:05 PM gHale

Schneider Electric created a service patch that mitigates a DLL hijacking vulnerability in its OPC Factory Server (OFS) application, according to a report on ICS-CERT.

Ivan Sanchez from Nullcode Team, who discovered the vulnerability, tested the new service patch to validate it resolves the vulnerability.


OPC Factory Server Version 3.5 and older suffer from the issue.

Exploitation of DLL hijack vulnerabilities can crash the system, and possibly give an attacker access to the system with the same privilege level as the application that utilizes the malicious DLL.

Paris, France-based Schneider maintains offices in more than 100 countries worldwide.

The affected product, OPC Factory Server, enables Windows client applications to access Modicon PLC data in real time. According to Schneider Electric, OPC Factory Server sees action across complex manufacturing processes and infrastructures in sectors including commercial facilities, critical manufacturing, energy, water and wastewater systems, and others. Schneider estimates these products see use worldwide.

A successful exploit of this vulnerability requires a local user to place a crafted DLL file in the system directory on the victim machine. If the application attempts to load that file, the application could crash or allow the attacker to execute arbitrary code.

CVE-2015-1014 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 5.0.

This vulnerability is not exploitable remotely and cannot be exploited without user interaction. The exploit only triggers when a local user runs the vulnerable application and it loads a specially crafted, malformed DLL file.
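The weakness described above comes down to where the Windows loader looks for a DLL and who can write to those locations. The following audit helper is an added example, not code from Schneider or ICS-CERT: it models the default Windows DLL search order against a constructed host description and reports every user-writable directory the loader would consult before (or at) the point where a given DLL is found. The install path C:\OFS and the PATH entry C:\Tools are hypothetical values chosen for the sample, not the product's real paths.

```python
import ntpath
from dataclasses import dataclass, field, replace

@dataclass
class Host:
    """Constructed model of a Windows host; nothing here touches a real system."""
    files: set                      # full paths of files that exist
    user_writable: set              # directories a standard (non-admin) user can write to
    app_dir: str                    # directory holding the application's executable
    cwd: str                        # working directory the application is started from
    path_entries: list = field(default_factory=list)
    system_dir: str = r"C:\Windows\System32"
    windows_dir: str = r"C:\Windows"

PLANTABLE = "user-writable and searched before any legitimate copy"
LOADED = "DLL is loaded from a user-writable directory"

def search_order(host):
    """Default search order with SafeDllSearchMode on: application directory,
    System32, System, the Windows directory, the current directory, then PATH."""
    return [host.app_dir, host.system_dir, ntpath.join(host.windows_dir, "System"),
            host.windows_dir, host.cwd, *host.path_entries]

def audit(host, dll):
    """Return (directory, reason) pairs for every user-writable directory the
    loader consults up to and including the one `dll` is actually taken from."""
    findings = []
    for directory in search_order(host):
        present = ntpath.join(directory, dll) in host.files
        if directory in host.user_writable:
            findings.append((directory, LOADED if present else PLANTABLE))
        if present:
            break          # the loader stops at the first match
    return findings

# Constructed sample host: C:\OFS is a hypothetical install directory and
# C:\Tools a hypothetical PATH entry with weak permissions.
HOST = Host(
    files={r"C:\OFS\ofs.exe", r"C:\Windows\System32\example.dll"},
    user_writable={r"C:\Users\operator\Downloads", r"C:\Tools"},
    app_dir=r"C:\OFS",
    cwd=r"C:\Users\operator\Downloads",
    path_entries=[r"C:\Tools", r"C:\Windows\System32"],
)
# The same host after a copy of plugin.dll appears in the weak PATH directory.
PLANTED_HOST = replace(HOST, files=HOST.files | {r"C:\Tools\plugin.dll"})

if __name__ == "__main__":
    for name, host in (("example.dll", HOST), ("plugin.dll", HOST), ("plugin.dll", PLANTED_HOST)):
        print(name, audit(host, name))
```

A DLL that resolves cleanly from System32 yields no findings; a DLL the application looks for but that is absent (for example an optional plug-in) is flagged at every user-writable directory on the path, which is exactly the condition an ACL review on the application and PATH directories should close.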

No known public exploits specifically target this vulnerability, and crafting a working exploit for it would be difficult. Social engineering would be needed to convince the user to open the specially crafted files required to exploit it, and further user interaction is required to load any additional malformed files. This decreases the likelihood of a successful exploit.

Schneider recommends that vulnerable users upgrade OPC Factory Server to V3.5 SP 6; the new service patch is available for download from Schneider.

Schneider’s security notice for this issue is SEVD-2015-133-01.
