Wonderware Patches Vulnerability

Friday, June 19, 2015 @ 09:06 AM gHale

Schneider Electric created a patch that mitigates a fixed search path vulnerability in its Wonderware InTouch, Application Server, Historian, and SuiteLink applications, which are part of the Wonderware System Platform suite, according to a report on ICS-CERT.

Ivan Sanchez of WiseSecurity Team, who discovered the vulnerability, tested the patch to validate that it resolves the vulnerability.

GarrettCom Plugs Magnum Holes
Hospira Plum A+, Symbiq Vulnerabilities
Healthcare Control System Fix Update
RLE HMI Vulnerability

Wonderware System Platform 2014 R2 and prior versions suffer from the issue.

Successful exploitation of this vulnerability would require the victim to install and execute malicious code that could result in arbitrary code execution.

Paris, France-based Schneider Electric maintains offices in more than 100 countries worldwide.

The Wonderware System Platform sees action across several sectors including chemical, commercial facilities, critical manufacturing, energy, food and agriculture, and water and wastewater systems. Schneider Electric estimates these products see use worldwide.

Successful exploitation of this vulnerability would require the local user to load a malicious DLL called using a fixed search path at runtime, which may allow an attacker to execute arbitrary code.

CVE-2015-3940 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 7.2.

This vulnerability is not exploitable remotely and cannot end up exploited without user interaction. The exploit only triggers when a local user runs the vulnerable application and loads the malicious file.

No known public exploits specifically target this vulnerability. Crafting a working exploit for this vulnerability would be difficult. Social engineering would be mandatory to convince the user to accept the malicious file. This decreases the likelihood of a successful exploit.

Schneider released the Wonderware System Platform 2014 R2 Patch 01, which addresses multiple instances of the identified vulnerability. Schneider said with the severity rating of this vulnerability high, users should apply the patch as soon as possible.

Click here for Schneider’s Wonderware System Platform 2014 R2 Patch 0.

Click here for more on Schneider’s security bulletin, LFSEC00000106.