SB2018052426 - Multiple vulnerabilities in Schneider Electric products

Description

This security bulletin contains information about 3 vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2016-10395)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to out-of-bounds memory read. A remote attacker can trigger memory corruption and cause the service to crash.

2) Integer overflow in ssl3_get_client_hello() (CVE-ID: CVE-2016-2177)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to cause denial of service conditions on the target system.
The vulnerability exists due to a boundary error in ssl3_get_client_hello() function. A remote attacker can cause integer overflow by sending specially crafted data and crash the service.
Successful exploitation of this vulnerability may cause the target service to crash.

3) Open redirect (CVE-ID: CVE-2017-5571)

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote unauthenticated attacker to redirect the target user to external websites.

The weakness exists due to open redirect in lmadmin component. A remote attacker can use a specially crafted image link, trick the victim into opening it and redirect users to malicious website.

Remediation

Install update from vendor's website.

References

• https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01