gaqsafety.blogg.se - Vijeo citect modnet 30

Schneider Electric is a manufacturer and integrator of energy management and industrial automation systems, equipment, and software. Schneider Electric is a France-based multinational corporation. NCCIC/ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation. Impact to individual organizations depends on many factors that are unique to each organization. The software would need to be restarted to recover from a successful denial-of-service attack.

StruxureWare PowerSCADA Expert v7.30 to v7.30SR1, andĪn attacker can cause a denial of service in this product by exploiting this vulnerability.

StruxureWare SCADA Expert Vijeo Citect v7.40,.

The following Schneider Electric versions are affected: This vulnerability could be exploited remotely. Eiram has tested the patch to validate that it resolves all the above vulnerabilities in CitectSCADA. While investigating this vulnerability report, Schneider Electric discovered additional related vulnerabilities and has produced a patch that mitigates them in SCADA Expert Vijeo Citect, CitectSCADA, and PowerSCADA Expert. Eiram had already been fixed in CitectSCADA v7.20SP2. The original vulnerability reported by Mr.

Researcher Carsten Eiram of Risk Based Security has identified an exception handling vulnerability in Schneider Electric’s CitectSCADA application. Schneider Electric requested the title change to reduce confusion. This advisory was originally posted to the US-CERT secure Portal library on December 16, 2013.

This updated advisory is a follow-up to the original advisory titled ICSA-13-350-01 Schneider Electric SCADA Products Exception Handler Vulnerability that was published February 25, 2014, on the NCCIC/ICS-CERT web site.