15 January 2019

Vulnerabilities in Schneider Electric industrial solutions

Schneider Electric has released advisories on vulnerabilities in its industrial solutions.

One advisory concerns the GP-Pro EX programming environment by Pro-face, a subsidiary of Schneider Electric. The solution, which is used to create automation projects, is affected by a critical Improper Input Validation vulnerability (CVE-2018-7832). Successful exploitation of the vulnerability could allow an attacker to modify code so that an arbitrary executable is launched when the program starts. This flaw has been assigned a CVSS v.3 base score of 9.

The issue affects versions 4.08 and prior of the solution. The vulnerability was fixed in version 4.08.200.

Another security flaw (CVE-2018-7817) was identified in Zelio Soft software (versions 5.1 and prior) for Zelio Logic (SR2/SR3) smart relays. The vulnerability was assigned a CVSS v.3 base score of 7.8. Due to improper dynamic memory management while the program is running (a Use-After-Free vulnerability), opening a specially crafted Zelio Soft project file could allow remote code execution. The vendor recommends installing the relevant update to address the vulnerability.

Three more vulnerabilities affect the IIoT Monitor monitoring platform, versions 3.1.38 and prior. The most severe of these vulnerabilities, unrestricted upload of file with dangerous type (CVE-2018-7836), was assigned a CVSS v.3 base score of 9.3. Successful exploitation of this vulnerability could allow malicious files to be uploaded and executed.

Another flaw identified in IIoT Monitor is an XXE vulnerability (CVE-2018-7837), which could be exploited to embed incorrect documents into its output and expose restricted information. The last vulnerability, CVE-2018-7835, is a path traversal vulnerability, which could allow an attacker to access files available to the SYSTEM user. Both of these vulnerabilities were assigned a CVSS v.3 base score of 7.5.

To reduce possible risks, the vendor recommends migrating to the latest software solution that resolves the issue.

Sources: Schneider Electric, ICS-CERT