ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Schneider Electric’s security bulletin, LFSEC00000106, is located at the following URL:
#Wonderware system platform versions Patch
Schneider Electric’s Wonderware System Platform 2014 R2 Patch 01 is available at the following URL: Schneider Electric has identified the severity rating of this vulnerability as high and recommends applying the patch as soon as possible. Schneider Electric has released the Wonderware System Platform 2014 R2 Patch 01, which addresses multiple instances of the identified vulnerability.
This decreases the likelihood of a successful exploit. Social engineering is required to convince the user to accept the malicious file. DIFFICULTYĬrafting a working exploit for this vulnerability would be difficult. No known public exploits specifically target this vulnerability. The exploit is only triggered when a local user runs the vulnerable application and loads the malicious file. This vulnerability is not exploitable remotely and cannot be exploited without user interaction. A CVSS v2 base score of 7.2 has been assigned the CVSS vector string is (AV:L/AC:L/Au:N/C:C/I:C/A:C). Successful exploitation of this vulnerability would require the local user to load a malicious DLL that is called using a fixed search path at runtime, which may allow an attacker to execute arbitrary code. VULNERABILITY CHARACTERIZATION VULNERABILITY OVERVIEW Schneider Electric estimates that these products are used worldwide.
Schneider Electric’s corporate headquarters is located in Paris, France, and maintains offices in more than 100 countries worldwide.Īccording to Schneider Electric, the Wonderware System Platform, is deployed across several sectors including Chemical, Commercial Facilities, Critical Manufacturing, Energy, Food and Agriculture, and Water and Wastewater Systems. NCCIC/ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation. Impact to individual organizations depends on many factors that are unique to each organization.
#Wonderware system platform versions install
Successful exploitation of this vulnerability would require the victim to install and execute malicious code that could result in arbitrary code execution.
Schneider Electric has produced a patch that mitigates this vulnerability. Ivan Sanchez of WiseSecurity Team has identified a fixed search path vulnerability in Schneider Electric’s Wonderware InTouch, Application Server, Historian, and SuiteLink applications, which are part of the Wonderware System Platform suite.
0 kommentar(er)
