Note to readers

This publication does not currently meet the Government of Canada's Web Standards. The information remains valid.

Schneider Electric ConneXium Buffer Overflow Vulnerability

Number: AV16-178
Date: 2 November 2016

Purpose

The purpose of this advisory is to bring attention to a recently disclosed vulnerability VulnerabilityA flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations. in Schneider Electric ConneXium.

Assessment

A buffer overflow vulnerability was identified in Schneider Electric’s ConneXium firewall FirewallA security barrier placed between two networks that controls the amount and kinds of traffic that may pass between the two. This protects local system resources from being accessed from the outside. product. Exploitation of this vulnerability could allow an attacker to execute code during the login authentication AuthenticationA process or measure used to verify a users identity. process with SNMP. Schneider Electric is currently developing a firmware update to mitigate this vulnerability.

Affected Products:

  • TCSEFEC23F3F20 all versions
  • TCSEFEC23F3F21 all versions
  • TCSEFEC23FCF20 all versions
  • TCSEFEC23FCF21 all versions
  • TCSEFEC2CF3F20 all versions.

CVE Reference: CVE-2016-8352

Suggested Action

CCIRC recommends that owner/operators test and deploy the vendor released updates or workarounds to affected platforms accordingly.

References:

Date modified: