Schneider Fixes Accutech Manager

Thursday, February 14, 2013 @ 12:02 AM gHale

There is an update for the heap-based buffer overflow vulnerability that impacts the Schneider Electric Accutech Manager, according to a report on ICS-CERT.

Schneider Electric has produced an update that mitigates this remotely exploitable vulnerability. Independent researcher Aaron Portnoy of Exodus Intelligence, who discovered the hole, tested the update and verified that it fixes the vulnerability. Exploitation of this vulnerability could allow an attacker to execute code with administrator privileges. This vulnerability could affect the energy, water and wastewater, and critical manufacturing sectors.

Exploit code for this vulnerability was published by another researcher who was not part of any coordinated effort with the vendor, ICS-CERT, or Exodus Intelligence.

Accutech Manager 2.00.1 and older suffers from the issue.

This buffer overflow will cause the Accutech Manager application to crash, and an attacker could exploit it to execute arbitrary code with administrator privilege. Because an attacker can exploit this vulnerability remotely, there is a potential for the hacker to gain control of the host computer.

Schneider Electric is a Europe-based company that maintains offices in 190 countries worldwide. Their products address various markets including renewable energy, process control, monitoring and control, motor controls, lighting controls, electrical distribution, and security systems.

The affected product, Accutech Manager, is a management component of a network-based sensor monitoring system. Accutech Manager is used in applications where remote sensor data is gathered, monitored, displayed, and archived over time. It works in a broad range of low-level applications ranging from long-term multi-sensor monitoring on a large network to single PC implementations for technicians.

According to Schneider Electric, Accutech Manager works across several sectors including energy, water and wastewater, and critical manufacturing.

The RFManagerService.exe process binds to Ports 2536/TCP and 2537/TCP by default. By sending an HTTP request that exceeds the bounds of the buffer to Port 2537/TCP, an attacker can cause a heap-based buffer overflow, resulting in loss of confidentiality, integrity, and availability.

CVE-2013-0658 is the number assigned to this vulnerability, which has a base CVSS score of 10.0.

An attacker with a low skill level would be able to exploit this vulnerability.

The update is available at the Schneider Electric Website.

Schneider Electric also recommends that users implement the following steps until they apply the update:
• Close the Accutech Manager software tool’s server component when not in use.
• Obtain guidance from Schneider Electric’s cyber security recommendations Web page.
• Check with Schneider Electric, and apply the maintenance update as soon as it becomes available.

One specific strategy that can mitigate the risk associated with the vulnerability is to ensure the vulnerable port (2537/TCP) is not accessible from the Internet.
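
A defender-side check for the exposure described above, as an added example that is not part of the original article or of Schneider Electric's tooling: it parses Windows `netstat -ano -p TCP` output and flags listeners on 2536/TCP and 2537/TCP that are not bound to loopback, plus established peers outside a management subnet. The sample output, the `192.168.10.0/24` subnet and all function names are assumptions constructed for illustration.

```python
import ipaddress

ACCUTECH_PORTS = {2536, 2537}  # RFManagerService.exe defaults, per the article
TRUSTED_NETS = [ipaddress.ip_network("192.168.10.0/24")]  # assumed management subnet

# Constructed sample of Windows `netstat -ano -p TCP` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:2536           0.0.0.0:0              LISTENING       4312
  TCP    0.0.0.0:2537           0.0.0.0:0              LISTENING       4312
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2100
  TCP    192.168.10.20:2537     203.0.113.45:51822     ESTABLISHED     4312
  TCP    192.168.10.20:2537     192.168.10.31:49771    ESTABLISHED     4312
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr%zone]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    return ipaddress.ip_address(host), int(port)

def is_trusted(ip):
    """Loopback and the assumed management subnet count as trusted peers."""
    return ip.is_loopback or any(ip in net for net in TRUSTED_NETS)

def audit(netstat_text):
    """Return (exposed_listeners, untrusted_peers) for the Accutech ports."""
    listeners, peers = [], []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # banner, header, blank or non-TCP line
        local, remote, state, pid = fields[1:]
        lip, lport = split_endpoint(local)
        if lport not in ACCUTECH_PORTS:
            continue
        if state == "LISTENING" and not lip.is_loopback:
            listeners.append((str(lip), lport, int(pid)))  # reachable off-host
        elif state == "ESTABLISHED":
            rip, _ = split_endpoint(remote)
            if not is_trusted(rip):
                peers.append((str(rip), lport, int(pid)))
    return listeners, peers

if __name__ == "__main__":
    print(audit(SAMPLE_NETSTAT))
```

A wildcard listener (`0.0.0.0` or `::`) only shows that the service accepts connections on every interface; whether the port is reachable from the Internet still depends on the host and perimeter firewall rules.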
