Fr. Sauter Fix for CASE Suite

Thursday, November 1, 2018 @ 06:11 PM gHale

Fr. Sauter AG has a recommended fix for an improper restriction of XML external entity (XXE) reference vulnerability in its CASE Suite, according to a report from NCCIC.

Successful exploitation of this vulnerability, discovered by Gjoko Krstic of Applied Risk, could allow an attacker to remotely retrieve unauthorized files from the system.

CASE Suite Versions 3.10 and prior suffer from the remotely exploitable vulnerability.

An XXE vulnerability exists when processing parameter entities, which may allow remote file disclosure.
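The parameter-entity case described above can be screened for before a document reaches an application parser. This added example is not from Fr. Sauter, NCCIC or the original article; it uses Python's expat bindings to flag DOCTYPE and entity declarations, and the function names and both sample documents are constructed for illustration.

```python
from xml.parsers import expat

# Constructed sample: a DTD that declares and references an external parameter entity.
SAMPLE_PARAM_ENTITY = b"""<?xml version="1.0"?>
<!DOCTYPE project [
  <!ENTITY % ext SYSTEM "http://example.invalid/ext.dtd">
  %ext;
]>
<project name="demo"/>
"""

# Constructed sample: the same document with no DTD at all.
SAMPLE_CLEAN = b'<?xml version="1.0"?>\n<project name="demo"/>\n'


def dtd_findings(data: bytes) -> list:
    """Return (kind, name, system_id) tuples for every DTD construct seen.

    expat is used only as a tokenizer here: no ExternalEntityRefHandler is
    installed, so nothing is fetched while the document is inspected.
    """
    findings = []
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(("doctype", name, system_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # is_param is non-zero for "<!ENTITY % name ...>" declarations.
        kind = "parameter-entity" if is_param else "general-entity"
        findings.append((kind, name, system_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        findings.append(("malformed", str(exc), None))
    return findings


def is_acceptable(data: bytes) -> bool:
    """Policy: accept only well-formed documents with no DTD constructs."""
    return not dtd_findings(data)


if __name__ == "__main__":
    for label, doc in (("clean", SAMPLE_CLEAN), ("param-entity", SAMPLE_PARAM_ENTITY)):
        print(label, is_acceptable(doc), dtd_findings(doc))
```

Rejecting every DOCTYPE is stricter than rejecting only parameter entities; it is the simpler policy when the expected input format never needs a DTD.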

CVE-2018-17912 is the identifier assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

The product is used mainly in the critical manufacturing sector and is deployed on a global basis.

No known public exploits specifically target this vulnerability. However, an attacker with a low skill level could leverage the vulnerability.

Switzerland-based Fr. Sauter AG recommends users apply Service Release 1 for the current CASE Suite Version 3.10. The software is deployed via local support channels.
