Schneider OFS Buffer Overflow

Friday, February 28, 2014 @ 12:02 PM gHale


Schneider Electric reported a stack buffer overflow vulnerability in the demonstration client supplied with its OPC Factory Server (OFS), according to a report on ICS-CERT.

The following Schneider Electric OFS Test Client versions suffer from the issue:
• TLXCDSUOFS33 – V3.35
• TLXCDSTOFS33 – V3.35
• TLXCDLUOFS33 – V3.35
• TLXCDLTOFS33 – V3.35
• TLXCDLFOFS33 – V3.35

The parsing of the sample configuration file exposes a buffer overflow vulnerability that may lead to remote code execution. This client is intended for demonstration purposes only and should not be used in a production environment.


Schneider Electric is a European-based company that maintains offices in 190 countries worldwide.

These products are industrial active energy management control products, deployed across several sectors including the energy, water and wastewater systems, commercial facilities, government facilities, food and agriculture, and transportation systems. Schneider Electric estimates these products see use primarily in the United States and North America.

When the demonstration client parses a malformed configuration file, it may trigger a buffer overflow that allows the configuration file to start malicious programs or execute code on the PC.

Schneider Electric provided the demonstration client with the OFS program for training purposes and did not intend it for use in a production environment.

CVE-2014-0774 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 6.8.

This vulnerability is not exploitable remotely and cannot be exploited without user interaction with the demonstration client. The exploit only triggers when the demonstration client opens a specially modified sample client configuration file, which can then start malicious programs or execute code on the PC.

No known public exploits specifically target this vulnerability. An attacker with moderate skill and physical access would be able to exploit it.

Schneider Electric has a product upgrade as well as a workaround solution that mitigates this vulnerability.


Schneider recommends that customers upgrade to OFS v3.4 or later (version v3.5 is currently available). Customers that cannot upgrade should remove the demonstration client from affected computers, provided they do not need it for operations.
