SB2017051706 - Two vulnerabilities in Schneider Electric SoMachine HVAC
Published: May 17, 2017 Updated: May 18, 2017
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Stack-based buffer overflow (CVE-ID: CVE-2017-7965)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The weakness exists due to stack-based buffer overflow when processing AlTracePrint.exe. A local attacker can make call AlTracePrint.exe, trigger memory corruption and execute arbitrary code on the target system with administrator privileges.
Successful exploitation of this vulnerability may result in system compromise.
2) DDL injection (CVE-ID: CVE-2017-7966)
CWE-ID: CWE-427 - Uncontrolled Search Path Element
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to uncontrolled search path element. A remote attacker can load a specially crafted DLL file from remote WebDAV or SMB resource and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of this vulnerability may result in system compromise.
Remediation
Install update from vendor's website.