Now on Demand: CISO Forum Virtual Summit - All Sessions Available to Watch Instantly
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Schneider Electric Patches DLL Hijacking Bug in Wonderware Products

Several Schneider Electric Wonderware products are plagued by a high severity vulnerability that can be exploited for arbitrary code execution.

Several Schneider Electric Wonderware products are plagued by a high severity vulnerability that can be exploited for arbitrary code execution.

The Wonderware System Platform is an industrial operating system designed to provide services for configuration, communication, deployment, data connectivity, HMI, historization, and people collaboration. The solution is used by organizations across the world in industries such as manufacturing, food and beverage, energy, chemical, and water and wastewater.

According to advisories published by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) and Schneider Electric, the Wonderware System Platform is affected by a DLL hijacking (fixed search path / binary planting) vulnerability. An attacker who can convince a local user to load a maliciously crafted DLL file can exploit the flaw for arbitrary code execution.

“Crafting a working exploit for this vulnerability would be difficult. Social engineering is required to convince the user to accept the malicious file. This decreases the likelihood of a successful exploit,” ICS-CERT noted.

The security hole affects Wonderware InTouch, AppServer, Historian, and SuiteLink applications running version 2014 R2 and prior of the Wonderware System Platform.

The vulnerability, discovered and reported by Ivan Sanchez of WiseSecurity Team, has been assigned a CVSS score of 7.2 and the CVE identifier CVE-2015-3940. The bug has been patched with the release of Wonderware System Platform 2014 R2 P01.

Schneider’s advisory contains instructions on how to apply the patch, and recommendations for organizations that are unable to upgrade to the latest version.

The company has also informed customers of a cross-site scripting (XSS) vulnerability in PowerChute Business Edition Agent 9.0.3. The security bug will be addressed in the next PowerChute Business Edition release, but Schneider Electric has pointed out that the issue does not impact the 9.1.1 and 9.2 versions.

Advertisement. Scroll to continue reading.

Until a patch becomes available, customers are advised to use web browsers that have XSS filters enabled by default, and ensure that the application is running on a private or secure network.

Related: Learn More At the ICS Cyber Security Conference

Related: Critical Vulnerability Fixed in Schneider Electric Wonderware Product

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Secure enterprise browser provider Menlo Security has appointed Bill Robbins as President.

Erik Rolf has joined Booz Allen Hamilton as the Business Information Security Officer (BISO) of Commercial Sector.

Gant Redmon has joined Trustle as its new Chief Executive Officer and Board Director.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.