AusCERT - ASB-2013.0053 - [Win] Schneider Electric Modbus Serial Driver: Execute arbitrary code/commands

HOME
About AusCERT
Membership
PKI Services
Training
Publications
Sec. Bulletins
Conferences
News & Media
Services
Web Log
Site Map
Site Help
Member login
ASB-2013.0053 - [Win] Schneider Electric Modbus Serial Driver: Execute arbitrary code/commands - Remote/unauthenticated
Date: 11 April 2013

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2013.0053
        Important security notification - Schneider Electric Serial
                        Modbus Driver Vulnerability
                               11 April 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Schneider Electric Modbus Serial Driver
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                      Denial of Service               -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
Member content until: Saturday, May 11 2013

OVERVIEW

        A vulnerability has been identified in Schneider Electric's Modbus 
        Serial driver. [1]


IMPACT

        The vendor has stated the following:
        
        "Under certain conditions, which would require a multi-step process,
        an internal buffer overflow condition could be created. An attacker 
        could gain control of the program flow and execute arbitrary code with
        the permissions of the user running any of the software products 
        listed below.
        
        Windows Platform and Modbus Serial Driver version
        
        Windows OS version	Modbus Serial Driver
        XP 32 bit		V1.10 IE v37
        Vista 32 bit		2.2 IE12
        Windows 7 32 bit	2.2 IE12
        Windows 7 64 bit	3.2 IE12
        
        Schneider Electric Product and version
        
        Product		Version
        TwidoSuite	2.31.04	and prior
        PowerSuite	2.6 and prior
        SoMove		V1.7 and prior
        SoMachine	V2.0, V3.0, V3.1, V3.0 XS
        Unity Pro	V7.0 and prior
        UnityLoader	V2.3 and prior
        Concept		V2.6 SR7 and prior
        ModbusCommDTMsl	V2.1.2 and prior
        PL7		V4.5 SP5 and prior
        SFT2841		V14; V13.1 and prior
        OFS		V3.50 and prior" [1]


MITIGATION

        The vendor has stated the following:
        
        "Schneider Electric will fix this issue in the next released version of
        the ModbusDriverSuite on or around May 17th 2013. This new release will
        be implemented into each Software product from the list above in order 
        to close the vulnerability. If the updated Software Product is not 
        available, customers may contact Schneider Electric support personnel to
        get the new ModbusDriverSuite as separate installable." [1]


REFERENCES

        [1] Important security notification - Schneider Electric Serial Modbus
            Driver Vulnerability
            http://download.schneider-electric.com/files?p_File_Id=47991052&p_File_Name=SEVD-2013-070-01.pdf

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUWdf0O4yVqjM2NGpAQJ4AxAArnG5uASFkLmOLjiZdS2waHUlVESSRTed
BYolhBBwXkoekvvBp3sqvW0NzSCqbdhiPhsXotvByqzjfwh1RtZU5bOERS+U7kSR
X2UzFs1PyzKr36MxTLhty2xylkzm5pxFwz6UGav7Vl9uRMtg5mmmLvyua1TB7AfV
5+4kZewidDpRaZYjiJpe96POz01dnDs3Cdd2c57nq0Ca/iJXfnUCn2hJpYO1LDhl
ORs+r3DEQeVtgRaItHV2ByLRXeQzRkX9/sPrrzGeE34pIggkwGpTGx9yb5T54CkQ
1K9U4fYlnAwqGMRD4atMVo+YXOJNBjLVOY//I5z+NDYWVe6aFK0uXmkJhp2Ani8C
ihBci7hOKy0TL1zjENp2TRy8+tKrlQUb/YduwTe1GcGwbAPYPwADh25VnCOZlBuQ
SxBW85T3KElU4Io9t4hmmLmBtZDNf3noaZrnXXkpqlOUsIXQ+gYXm7iIHX5hD56A
gcBI2HyeOknh6SCMt9ZMFC3EYoenj7ZGNS53FP0N7uC/JTrH8vaRMs7rB0yTS/h5
ocxZWXtns0QX2/Vkle/JnEiiO8DHLr6olEYebzCb7rrRWifxKM1HGXKOjoVcabLv
vi2MJOFHIFlSA0aEcnh1Cukn9Wx8K+gQtejk4KP1cUmSg0kory93u/JC4sWTWp1/
4qqMhLp9iZE=
=DGbS
-----END PGP SIGNATURE-----