Schneider Patches OPC Buffer Overflow

Monday, April 7, 2014 @ 06:04 PM gHale


Schneider Electric created a patch that mitigates a buffer overflow vulnerability in its OPC Factory Server (OFS) application, according to a report on ICS-CERT.

Researcher Wei Gao, formerly of IXIA and discoverer of the remotely exploitable vulnerability, tested the patch to validate that it resolves the issue.


The vulnerability affects the following versions of OFS:
• TLXCDSUOFS33 – V3.5 and previous,
• TLXCDSTOFS33 – V3.5 and previous,
• TLXCDLUOFS33 – V3.5 and previous,
• TLXCDLTOFS33 – V3.5 and previous, and
• TLXCDLFOFS33 – V3.5 and previous.

Successful exploitation will cause the server to reboot, resulting in a denial of service (DoS).

Paris, France-based Schneider Electric maintains offices in more than 100 countries worldwide.

These products are industrial active energy management control products, deployed across several sectors, including energy, water and wastewater systems, commercial facilities, government facilities, food and agriculture, and transportation systems. Schneider Electric estimates these products primarily see use in the United States and North America.

Incorrect parsing in the OPC Automation 2.0 Server Object (ActiveX) can result in a buffer overflow error. The vulnerability is the result of parsing long arguments in functions.

CVE-2014-0789 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 5.0.

Exploits that target this vulnerability are publicly available, and an attacker with low skill could exploit it.

Schneider Electric has developed a patch to resolve this issue. In order to patch the installation in the field, install OFS V3.5SP1, available on Schneider Electric’s web site.

OFS V3.5SP1 includes a patched version of the OLE2T macro from Microsoft to resolve the issue.
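The long-argument parsing flaw and the OLE2T fix described above come down to converting a caller-supplied string without limiting its length. The following added example is not Schneider Electric's or Microsoft's code; it assumes the risky pattern is a stack-allocated conversion buffer sized from the input (the classic ATL conversion macros allocate on the stack), and `convert_arg` and `MAX_ARG_CHARS` are hypothetical names. The page does not describe how the patched macro itself differs.

```c
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

#define MAX_ARG_CHARS 1024  /* hypothetical cap, in wide characters */

/*
 * Risky pattern (assumed here): a conversion buffer carved from the stack and
 * sized from the caller's string. A very long argument then overruns the
 * stack. This version rejects over-long input and converts on the heap.
 */

/* Length of s if it ends within max characters, otherwise max + 1. */
static size_t bounded_wlen(const wchar_t *s, size_t max)
{
    size_t n = 0;
    while (n <= max && s[n] != L'\0')
        n++;
    return n;
}

/* Returns a malloc'd narrow copy of arg (caller frees), or NULL if arg is
 * NULL, too long, not representable in the locale, or memory runs out. */
char *convert_arg(const wchar_t *arg)
{
    if (arg == NULL)
        return NULL;
    size_t len = bounded_wlen(arg, MAX_ARG_CHARS);
    if (len > MAX_ARG_CHARS)
        return NULL;                     /* reject instead of truncating */
    size_t cap = len * MB_CUR_MAX + 1;   /* worst-case bytes plus the NUL */
    char *out = malloc(cap);
    if (out == NULL)
        return NULL;
    size_t written = wcstombs(out, arg, cap);
    if (written == (size_t)-1 || written >= cap) {
        free(out);
        return NULL;
    }
    return out;
}

int main(void)
{
    char *s = convert_arg(L"Device1.Tag42");  /* constructed sample input */
    int ok = (s != NULL);
    free(s);
    return ok ? 0 : 1;
}
```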

For more information regarding this issue, please see the security releases affecting the OPC Factory Server on Schneider Electric’s web site.


