08 November 2018

Schneider Electric has fixed a vulnerability in SESU software

Schneider Electric has reported a vulnerability in Schneider Electric Software Update (SESU), an application supplied with various products as an optional install to notify users of the availability of updated Schneider Electric software. The issue affects all versions of the tool prior to v2.2.0.

The vulnerability (CVE-2018-7799) could allow an attacker with local access to execute arbitrary code on a target system by placing a specific DLL file where the application will load it (DLL hijacking).

Schneider Electric has released an update that addresses this vulnerability. Users have been informed, including via a notification through Schneider Electric Software Update.

Sources: Schneider Electric, ICS-CERT