SB2018121403 - Remote code execution in Schneider Electric GUIcon Eurotherm

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Type confusion (CVE-ID: CVE-2018-7813)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to type confusion error on pcwin.dll. A remote unauthenticated attacker can trick the victim into parsing a specially crafted GD1 file and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

2) Type confusion (CVE-ID: CVE-2018-7815)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to type confusion error on c3core.dll. A remote unauthenticated attacker can trick the victim into parsing a specially crafted GD1 file and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

3) Stack-based buffer overflow (CVE-ID: CVE-2018-7814)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to stack-based buffer overflow when handling malicious input. A remote unauthenticated attacker can trick the victim into parsing a specially crafted GD1 file, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

• https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-338-01-Eurotherm-GUIcon.pdf&p_Doc_Ref=SEVD-2018-338-01