16 July 2019
Multiple vulnerabilities in Schneider Electric Floating License Manager
ICS CERT has published an advisory about multiple vulnerabilities in the Floating License Manager (up to and including version 126.96.36.199), which is built into many industrial control systems by Schneider Electric. An attack exploiting one or more of these vulnerabilities could allow the attacker to bypass the license for legal use of the product.
Altogether, four vulnerabilities have been found in the application.
The most dangerous vulnerability, CVE-2018-20033, has been given a base score of 9.8 on the CVSS v3 scale. It is a Remote Code Execution vulnerability in lmadmin and vendor daemon components, which could allow an attacker to corrupt the memory and cause the vendor’s daemon to shut down.
The other 3 vulnerabilities, CVE-2018-20031, CVE-2018-20032, CVE-2018-20034, are all Denial of Service vulnerabilities in Imadmin and the vendor daemon, which could also cause the vendor daemon to shut down. These 3 vulnerabilities were assigned a base score of 7.5 on the CVSS-v3.0 scale.
The above vulnerabilities also affect Aveva products Vijeo Citect and Citect SCADA (version 7.30 and later), where the Floating License Manager is used.
Schneider Electric has already released updates, available on their website and recommends that all users update the software as quickly as possible.