Schneider Mitigates Conext ComBox Hole

Thursday, March 2, 2017 @ 06:03 PM gHale


Schneider Electric released new firmware to mitigate a resource exhaustion vulnerability in its Conext ComBox product, according to a report with ICS-CERT.

The vulnerability, discovered by Arik Kublanov and Mark Liapustin of Nation-E Ltd, affects the following Conext ComBox solar battery monitor: Model 865-1058: all firmware versions prior to V3.03 BN 830.

RELATED STORIES
Siemens Fixes SINUMERIK Hole
Schneider Clears Old Modicon PLC Hole
Sixnet Switches get Fix
VIPA Controls Patches WinPLC7 Hole

Successful exploitation of this remotely exploitable vulnerability could cause the device to self-reboot, constituting a denial of service.

The product sees use in the energy sector, according to Paris, France-based Schneider. It sees action on a global basis.

No known public exploits specifically target this vulnerability. However, an attacker would need low skill level to exploit the vulnerability.

With the resource exhaustion vulnerability, a series of rapid requests to the device may cause it to reboot.

CVE-2017-6019 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

Click here to download the new firmware (V3.03 BN 830).

Users can learn more about this vulnerability and the associated firmware fix by reading Schneider Electric’s security notification SEVD-2017-052-01.



Leave a Reply

You must be logged in to post a comment.