by Dennis Fisher December 18, 2014
There are a number of critical, remotely exploitable command injection vulnerabilities in Schneider Electric’s ProClima software, which is used in manufacturing and energy facilities.
The ProClima application is a utility that customers use to design control panel enclosures in industrial facilities to help manage the heat from enclosed electrical devices. The bugs affect ProClima versions 6.0.1 and earlier, according to an advisory released by ICS-CERT. The flaws exist in two separate components of the ProClima software, MDraw30.ocx and Atx45.ocx.
“MDraw30.ocx control can be initialized and called by malicious scripts potentially causing buffer overflows, which may allow an attacker to execute code remotely,” the advisory says.