Schneider Mitigates Buffer Overflow

Wednesday, January 28, 2015 @ 01:01 PM gHale


While addressing a buffer overflow vulnerability in its SoMove Lite software package, Schneider Electric identified other vulnerable products. Schneider Electric has produced a patch that mitigates this remotely exploitable vulnerability, according to a report on ICS-CERT.

The following Schneider Electric software platforms install affected Device Type Managers (DTMs) with an affected DLL which could lead to the buffer overflow:
• Unity Pro, all versions
• SoMachine, all versions
• SoMove, all versions
• SoMove Lite, all versions

The following Schneider Electric DTM libraries suffer from the issue:
• Modbus Communication Library, Version 2.2.6 and prior
• CANopen Communication Library, Version 1.0.2 and prior
• EtherNet/IP Communication Library, Version 1.0.0 and prior
• EM X80 Gateway DTM (MB TCP/SL)
• Advantys DTMs (OTB, STB)
• KINOS DTM
• SOLO DTM
• Xantrex DTMs

Successfully exploiting this vulnerability could allow a remote attacker to execute arbitrary code, according to Ariele Caltabiano (kimiya) with HP’s Zero Day Initiative (ZDI) who reported the vulnerability to ICS-CERT.

Paris, France-based Schneider Electric maintains offices in more than 100 countries worldwide. Unity Pro is development software for testing, debugging, and managing applications. SoMachine is a single software environment for developing, configuring, and commissioning automation machinery. SoMove is setup software for motor control devices. Schneider Electric estimates these products see use globally.

A DLL in a DTM development kit, which ends up installed during DTM setup, could be vulnerable to a buffer overflow that may allow an attacker to remotely execute code.

CVE-2014-9200 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 7.5.

No known public exploits specifically target this vulnerability, but an attacker with low skill would be able to exploit it.

Schneider Electric released a patch that resolves the vulnerability by removing the vulnerable DLL. The patch is available from Schneider Electric.

Details are in Schneider Electric’s security notice SEVD-2015-009-01.


