![]() “The affected products are mostly software-based utilities and engineering tools designed for programming and configuring process, machine, and general control applications,” the ICS-CERT advisory said. OPC Factory Server Versions 3.50 and earlier.SFT2841 Versions 14, 13.1 and earlier, and.ModbusCommDTM sl Versions 2.1.2 and earlier,.TwidoSuite Versions 2.31.04 and earlier,.ICS-CERT said the following Schneider products contain the vulnerable Modbus driver: The patch is available from Schneider Electric. ICS-CERT said it is not aware of any public exploits. The vulnerable software driver is used across a gamut of industries, including chemicals, manufacturing, energy, nuclear reactors, government facilities, dams and transportation systems, primarily in the United States, Europe and China. By doing so, an attacker could execute code remotely. The advisory cautions that a second overflow vulnerability is also exploitable by overwriting the return address. If the header is too large, a stack-based overflow results. It creates a listener on TCP port 27700, and when a connection is made the Modbus Application Header is read into a buffer, the ICS-CERT advisory said. The driver is started when a programmable logic controller is connected to the serial port on a server. The Industrial Control Systems Computer Emergency Response Team (ICS-CERT) released an advisory yesterday alerting users to the availability of a patch and warning of the consequences associated with the stack-based buffer overflow vulnerability found in Schneider’s Serial Modbus Driver, ModbusDrv.exe. Schneider Electric, a leading provider of industrial control systems, recently patched a remotely exploitable vulnerability in a driver found in 11 of its products. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |