Security Experts:

Connect with us

Hi, what are you looking for?



Schneider Electric Patches DLL Hijacking Bug in Wonderware Products

Several Schneider Electric Wonderware products are plagued by a high severity vulnerability that can be exploited for arbitrary code execution.

Several Schneider Electric Wonderware products are plagued by a high severity vulnerability that can be exploited for arbitrary code execution.

The Wonderware System Platform is an industrial operating system designed to provide services for configuration, communication, deployment, data connectivity, HMI, historization, and people collaboration. The solution is used by organizations across the world in industries such as manufacturing, food and beverage, energy, chemical, and water and wastewater.

According to advisories published by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) and Schneider Electric, the Wonderware System Platform is affected by a DLL hijacking (fixed search path / binary planting) vulnerability. An attacker who can convince a local user to load a maliciously crafted DLL file can exploit the flaw for arbitrary code execution.

“Crafting a working exploit for this vulnerability would be difficult. Social engineering is required to convince the user to accept the malicious file. This decreases the likelihood of a successful exploit,” ICS-CERT noted.

The security hole affects Wonderware InTouch, AppServer, Historian, and SuiteLink applications running version 2014 R2 and prior of the Wonderware System Platform.

The vulnerability, discovered and reported by Ivan Sanchez of WiseSecurity Team, has been assigned a CVSS score of 7.2 and the CVE identifier CVE-2015-3940. The bug has been patched with the release of Wonderware System Platform 2014 R2 P01.

Schneider’s advisory contains instructions on how to apply the patch, and recommendations for organizations that are unable to upgrade to the latest version.

The company has also informed customers of a cross-site scripting (XSS) vulnerability in PowerChute Business Edition Agent 9.0.3. The security bug will be addressed in the next PowerChute Business Edition release, but Schneider Electric has pointed out that the issue does not impact the 9.1.1 and 9.2 versions.

Until a patch becomes available, customers are advised to use web browsers that have XSS filters enabled by default, and ensure that the application is running on a private or secure network.

Related: Learn More At the ICS Cyber Security Conference

Related: Critical Vulnerability Fixed in Schneider Electric Wonderware Product

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.