Schneider Mitigates Plaintext Hole

Wednesday, September 16, 2015 @ 11:09 AM gHale

Schneider Electric created new firmware version that mitigates a cleartext transmission vulnerability in its StruxureWare Building Expert product, according to a report on ICS-CERT.

Artyom Kurbatov, an independent researcher that discovered the vulnerability, tested the new firmware version to validate it resolves the remotely exploitable vulnerability.

CODESYS Gateway Server Fixed
GE Mitigates MDS PulseNET Holes
Advantech Fixes Buffer Overflow
Yokogawa Mitigates Buffer Overflows

StruxureWare Building Expert, multi-purpose management device (MPM) versions prior to 2.15 suffers from the issue.

If an attacker successfully exploits this vulnerability, he or she may obtain user logon credentials.

Schneider Electric’s corporate headquarters is in Paris, France, and it maintains offices in more than 100 countries worldwide.

The affected product, StruxureWare Building Expert, is a building automation system for small and medium-sized buildings. According to Schneider Electric, StruxureWare Building Expert sees use in the commercial facilities sector. Schneider Electric estimates these products see action worldwide.

User logon credentials do not end up encrypted in transmission between server and client machines.

CVE-2015-3962 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 10.0.

No known public exploits specifically target this vulnerability. An attacker with low skill would be able to exploit this vulnerability.

Schneider Electric encourages all customers to upgrade their MPMs to the newly released Version 2.15 or higher to mitigate the risks associated with this vulnerability. It is important to plan the upgrade procedures before execution to avoid unnecessary downtime and re-engineering. If unsure about the risks associated with upgrading MPMs to the new firmware, contact the account manager or technical support.

For more information on this vulnerability and detailed instructions, please see Schneider Electric’s security notification number SEVD-2015-254-01.

See the MPM installation guide for more details about how to obtain and install firmware Version 2.15 (login required).