Remote code execution in Schneider Electric GUIcon Eurotherm
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2018-7813 CVE-2018-7815 CVE-2018-7814 |
| CWE-ID | CWE-843 CWE-121 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
GUIcon Eurotherm Hardware solutions / Firmware |
| Vendor | Schneider Electric |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Type confusion
EUVDB-ID: #VU16538
Risk: High
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-7813
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to type confusion error on pcwin.dll. A remote unauthenticated attacker can trick the victim into parsing a specially crafted GD1 file and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate to version 2.0.683.003.
Vulnerable software versionsGUIcon Eurotherm: 2.0.683.0
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Type confusion
EUVDB-ID: #VU16539
Risk: High
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-7815
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to type confusion error on c3core.dll. A remote unauthenticated attacker can trick the victim into parsing a specially crafted GD1 file and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate to version 2.0.683.003.
Vulnerable software versionsGUIcon Eurotherm: 2.0.683.0
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Stack-based buffer overflow
EUVDB-ID: #VU16540
Risk: High
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-7814
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to stack-based buffer overflow when handling malicious input. A remote unauthenticated attacker can trick the victim into parsing a specially crafted GD1 file, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate to version 2.0.683.003.
Vulnerable software versionsGUIcon Eurotherm: 2.0.683.0
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
