Several Schneider Electric Wonderware products are plagued by a high severity vulnerability that can be exploited for arbitrary code execution.
The Wonderware System Platform is an industrial operating system designed to provide services for configuration, communication, deployment, data connectivity, HMI, historization, and people collaboration. The solution is used by organizations across the world in industries such as manufacturing, food and beverage, energy, chemical, and water and wastewater.
According to advisories published by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) and Schneider Electric, the Wonderware System Platform is affected by a DLL hijacking (fixed search path / binary planting) vulnerability. An attacker who can convince a local user to load a maliciously crafted DLL file can exploit the flaw for arbitrary code execution.
“Crafting a working exploit for this vulnerability would be difficult. Social engineering is required to convince the user to accept the malicious file. This decreases the likelihood of a successful exploit,” ICS-CERT noted.
The security hole affects Wonderware InTouch, AppServer, Historian, and SuiteLink applications running version 2014 R2 and prior of the Wonderware System Platform.
The vulnerability, discovered and reported by Ivan Sanchez of WiseSecurity Team, has been assigned a CVSS score of 7.2 and the CVE identifier CVE-2015-3940. The bug has been patched with the release of Wonderware System Platform 2014 R2 P01.
Schneider’s advisory contains instructions on how to apply the patch, and recommendations for organizations that are unable to upgrade to the latest version.
The company has also informed customers of a cross-site scripting (XSS) vulnerability in PowerChute Business Edition Agent 9.0.3. The security bug will be addressed in the next PowerChute Business Edition release, but Schneider Electric has pointed out that the issue does not impact the 9.1.1 and 9.2 versions.
Until a patch becomes available, customers are advised to use web browsers that have XSS filters enabled by default, and ensure that the application is running on a private or secure network.