Schneider Fixes ProClima Holes

Tuesday, December 1, 2015 @ 05:12 PM gHale

Schneider Electric created an update to mitigate 11 remote code execution vulnerabilities in its ProClima F1 Bookview ActiveX control application, according to a report on ICS-CERT.

Ariele Caltabiano, working with HP’s Zero Day Initiative, discovered the remotely exploitable vulnerabilities.

ProClima Version 6.1 and prior suffer from the issues.

These vulnerabilities can be used to modify arbitrary memory and lead to remote code execution.

Schneider Electric’s corporate headquarters is in Paris, France, and the company maintains offices in more than 100 countries worldwide.

The affected product, ProClima, is a configuration utility used to design control panel enclosures to accommodate the thermal load from the electrical/electronic devices inside and from the environment.

ProClima sees use across several sectors including critical manufacturing, commercial facilities, and energy. Schneider said this product sees use primarily in the United States and Europe with a small percentage in Asia.

ProClima has 11 vulnerabilities that allow code injection. This could allow the attacker to cause a crash or to execute arbitrary code.

CVE-2015-7918 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.3.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill would be able to exploit these vulnerabilities.

Schneider Electric has developed an update for ProClima software.

For more information on this vulnerability and the associated patch, please see Schneider Electric’s SEVD-2015-329-01, released November 25.