Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Schneider Electric Fixes Vulnerability in Control Valve Positioners

A vulnerability has been found in the Device Type Manager (DTM) component used by Schneider Electric in some of the company’s Invensys SRD Control Valve Positioners.

A vulnerability has been found in the Device Type Manager (DTM) component used by Schneider Electric in some of the company’s Invensys SRD Control Valve Positioners.

Advisories published by Schneider Electric and ICS-CERT show that the security hole affects version 3.1.6 and prior of the DTM used in SRD 960 and SRD 991 Control Valve Positioners.Schneider Electric Invensys SRD Control Valve Positioner

The SRD Control Valve Positioners are used to operate pneumatic valve actuators. Schneider Electric’s solutions are deployed all across the world in sectors such as energy, water and wastewater, and critical manufacturing.

The vulnerability is a stack buffer overflow condition (CVE-2014-9206) in one of the software package’s DLL files. An attacker can exploit the vulnerability for arbitrary code execution, the energy management company explained in its advisory.

A CVSS base score of 5.2 has been assigned to the bug.

The good news for industrial control system (ICS) operators is that the vulnerability cannot be exploited remotely. Furthermore, the attacker needs to trick a local user into loading a malicious DLL file into the vulnerable application.

“Crafting a working exploit for this vulnerability would be difficult. Social engineering is required to convince the user to accept the malformed DLL file. Additional user interaction is needed to load the malformed file. This decreases the likelihood of a successful exploit,” ICS-CERT noted.

There is no evidence that an exploit for this vulnerability exists, ICS-CERT said. The flaw has been addressed in version 3.6.3 of the DTM.

The issue was discovered and reported by Argentina-based researcher Ivan Sanchez from Nullcode Team.

CVE-2014-9206 is not the only arbitrary code execution vulnerability fixed by Schneider Electric this year. In January, the company released patches to address a similar DLL flaw in the DTM software used for SoMove, SoMove Lite, Unity Pro and SoMachine solutions.

Vulnerable DTM components pose a serious threat to ICS. Last year, Alexander Bolshev and Gleb Cherbov, researchers at Russia-based Digital Security, reported identifying tens of vulnerable DTM components from two dozen vendors. Bolshev told SecurityWeek earlier this month that they had notified most of the affected vendors, but since they didn’t get too many replies, they have been trying to get through to the companies via ICS-CERT.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Vulnerabilities

Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.