Critical Remotely Exploitable Bugs Found in Schneider Electric ProClima Software

  • 18 December 2014

by Dennis Fisher, December 18, 2014

There are a number of critical, remotely exploitable command injection vulnerabilities in Schneider Electric’s ProClima software, which is used in manufacturing and energy facilities.

The ProClima application is a utility that customers use to design control panel enclosures in industrial facilities to help manage the heat from enclosed electrical devices. The bugs affect ProClima versions 6.0.1 and earlier, according to an advisory released by ICS-CERT. The flaws exist in two separate components of the ProClima software, MDraw30.ocx and Atx45.ocx.

“MDraw30.ocx control can be initialized and called by malicious scripts potentially causing buffer overflows, which may allow an attacker to execute code remotely,” the advisory says.
 