Schneider Patches Wonderware ArchestrA Logger

Friday, July 7, 2017 @ 04:07 PM gHale


Schneider Electric patched its Wonderware ArchestrA Logger to mitigate multiple vulnerabilities, according to a report with ICS-CERT.

The remotely exploitable vulnerabilities, discovered by Andrey Zhukov of USSC who reported it directly to Schneider Electric which then reported it to ICS-CERT, include a stack-based buffer overflow, uncontrolled resource consumption, and a null pointer deference.

RELATED STORIES
Siemens SIPROTEC 4, SIPROTEC Compact Issues
New Firmware for Siemens Reyrolle
Siemens Mitigates Building Controller Holes
Schneider Fixing U.motion Builder Holes

Wonderware ArchestrA Logger, a piece of logging software, versions 2017.426.2307.1 and prior suffer from the vulnerabilities.

Successful exploitation of these vulnerabilities could allow a remote attacker to execute code or cause a denial of service.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could leverage the vulnerability.

The stack-based buffer overflow vulnerability has been identified, which may allow a remote attacker to execute arbitrary code in the context of a highly privileged account.

CVE-2017-9629 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

The uncontrolled resource consumption vulnerability could allow an attacker to exhaust the memory resources of the machine, causing a denial of service.

CVE-2017-9627 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.6.

The null pointer deference vulnerability could allow an attacker to crash the logger process, causing a denial of service for logging and log-viewing. Schneider Electric notes that applications which use the Wonderware ArchestrA Logger continue to run when the Wonderware ArchestrA Logger service is unavailable.

CVE-2017-9631 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

The product sees use in the critical manufacturing, dams, defense industrial base, energy, food and agriculture, government facilities, nuclear reactors, materials, and waste, transportation systems, and water and wastewater systems sectors. It also sees action on a global basis.

Paris, France-based Schneider Electric recommends users of any Wonderware, Avantis, SimSci, or Skelta product that installs the Wonderware ArchestrA Logger version 2017.426.2307.1 or prior should apply the Wonderware ArchestrA Logger Security Patch v2017.517.2328.1 as soon as possible.

Users can download software updates from the Global Customer Support “Software Download” area or from:
• Wonderware ArchestrA Logger Security Patch v2017.517.2328.1 (requires login)

For more information about this vulnerability and patch, please refer to Schneider Electric Security Bulletin LFSec00000116.



Leave a Reply

You must be logged in to post a comment.