Schneider Vulnerabilities Released

Tuesday, November 29, 2011 @ 12:11 PM gHale


There are four vulnerabilities in the Schneider Electric Vijeo Historian product line: a denial of service (DoS), a buffer overflow, a cross-site scripting (XSS) flaw, and a directory traversal.

ICS-CERT coordinated this report with Schneider Electric and with the discovering researcher, Kuang-Chun Hung of the Security Research and Service Institute's Information and Communication Security Technology Center (ICST).

Schneider has produced a fix that resolves these vulnerabilities. ICST tested this fix and validated that it fully resolves the vulnerabilities.

Schneider Electric said the issue affects the following products:
• Vijeo Historian V4.30 and earlier
• CitectHistorian V4.30 and earlier
• CitectSCADA Reports V4.10 and earlier

Successful exploitation of these vulnerabilities could result in DoS, data leakage, or remote code execution. Schneider Electric, a manufacturer and integrator of energy management equipment and software worldwide, said these products see use in the energy, industry, and building automation sectors.

A buffer overflow vulnerability exists in the third-party TeeChart ActiveX control that could allow a remote attacker using social engineering to cause a DoS. CVE-2011-4033 is the assigned number in the National Vulnerability Database (NVD).

A buffer overflow vulnerability exists in the third-party TeeChart ActiveX control that could allow a remote attacker using social engineering to cause a denial of service and/or execute arbitrary code. CVE-2011-4034 is the assigned number for this vulnerability in the NVD.

An XSS vulnerability exists that could allow remote attackers using social engineering to inject arbitrary web script or HTML via an HTTP request. CVE-2011-4035 is the code assigned to this vulnerability in the NVD.

A directory traversal vulnerability exists in the web portal that allows remote attackers to read arbitrary files via an HTTP request. CVE-2011-4036 is the code assigned to this vulnerability in the NVD.

Three of these four vulnerabilities are remotely exploitable if used with social engineering. The directory traversal vulnerability is exploitable without social engineering. An attacker with a low to moderate skill level could potentially exploit these vulnerabilities.
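As an added illustration of the directory-traversal class described above (this is not code from the advisory, from ICS-CERT or from Schneider Electric), the following shows the defender-side check a web portal should apply before serving a file, and runs the same check over a few constructed access-log lines to flag traversal attempts. The web root, log format and log entries are assumptions.

```python
import posixpath
import re
from urllib.parse import unquote

def resolve_within_root(web_root, requested):
    """Return the file path for `requested` only if it stays under web_root, else None.

    Decodes twice so double-encoded sequences (e.g. %252e%252e%252f) are caught,
    treats backslashes as separators, and rejects any path that escapes the root
    after normalization. Returns None for anything the portal must refuse.
    """
    decoded = unquote(unquote(requested.split("?", 1)[0]))
    decoded = decoded.replace("\\", "/")
    rel = posixpath.normpath(decoded.lstrip("/"))
    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, rel))
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate

# Constructed Common Log Format lines (assumed format; not real Vijeo Historian traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [29/Nov/2011:12:11:00 +0000] "GET /reports/daily.html HTTP/1.1" 200 5120
10.0.0.9 - - [29/Nov/2011:12:12:07 +0000] "GET /..%2f..%2f..%2fwindows%2fwin.ini HTTP/1.1" 200 403
10.0.0.9 - - [29/Nov/2011:12:12:09 +0000] "GET /%252e%252e/%252e%252e/boot.ini HTTP/1.1" 404 221
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def find_traversal_attempts(log_text, web_root="/var/www/portal"):
    """Return (source, requested_path, status) for each request that escapes web_root.

    A 200 on a flagged request is the signal that the unpatched portal actually
    served a file outside its root; a 404 still shows the probing.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse as access-log entries
        if resolve_within_root(web_root, m["path"]) is None:
            hits.append((m["src"], m["path"], int(m["status"])))
    return hits

if __name__ == "__main__":
    for src, path, status in find_traversal_attempts(SAMPLE_LOG):
        print(f"traversal attempt from {src}: {path} (HTTP {status})")
```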

Schneider Electric has created a patch and issued a customer notification describing the vulnerabilities.