Vulnerability exists in DLL in DTM development kit

Jan 30, 2015 18:04 GMT

Several ICS products from Schneider Electric have been updated by the vendor to fix a buffer overflow vulnerability.

Initially, the glitch was reported for the SoMove Lite software package, but closer inspection found that all versions of Unity Pro (development software to test, debug, and manage applications), SoMachine (single software environment for developing, configuring, and commissioning automation machinery) and SoMove (setup software for motor control devices) are affected in the same way.

The flaw exists in a DLL present in a DTM (Device Type Manager) development kit. When the DTM is set up, the buggy DLL is also added to the system, making it vulnerable.

According to an advisory from ICS-CERT (Industrial Control Systems Cyber Emergency Response Team), an attacker could take advantage of the weakness to run arbitrary code. The operation can be conducted from a remote machine.

The bug, discovered by Ariele Caltabiano with HP’s ZDI (Zero Day Initiative), was assigned the CVE-2014-9200 identifier and was marked with a 7.5 severity score, since it can be leveraged remotely and no special skills are required.

ICS-CERT says that at the moment there is no evidence indicating that the glitch is being exploited in the wild. A patch prepared by Schneider Electric is available for download.