Schneider Electric corporate headquarters is located in Paris, France, and maintains offices in more than 100 countries worldwide. NCCIC/ICS CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation. Impact to individual organizations depends on many factors that are unique to each organization. Modbus Serial Driver versions that are affected:Ī successful exploit of this vulnerability could cause a buffer overflow that could allow arbitrary code execution with user privileges. OPC Factory Server Versions 3.50 and earlier.SFT2841 Versions 14, 13.1 and earlier, and.ModbusCommDTM sl Versions 2.1.2 and earlier,.TwidoSuite Versions 2.31.04 and earlier,.
The following Schneider Electric products bundle the Schneider Electric Modbus Serial Driver (ModbusDrv.exe), which is started when attempting to connect to a Programmable Logic Controller (PLC) via the serial port of a personal computer: This vulnerability can be exploited remotely. Schneider Electric has produced patches that mitigate this vulnerability. Carsten Eiram of Risk-Based Security has identified a stack-based buffer overflow vulnerability in Schneider Electric’s Serial Modbus Driver that affects 11 Schneider Electric products.
0 kommentar(er)
