Schneider Electric fixes multiple vulnerabilities

Schneider Electric has recently published advisories covering multiple vulnerabilities in its products and third-party components. It is recommended that these updates should be applied as soon as possible.

Details

• In August, Schneider Electric (SE) fixed a total of 25 vulnerabilities, three rated Critical, 18 High and four Medium. The most severe issues are related to updates in third-party product updates released earlier this year.
• Multiple Microsoft Windows vulnerabilities were fixed in SE's NTZ Mekhanotronika Rus. LLC control panels that use Windows operating system:
  • CVE-2021-31166 - an HTTP Protocol Stack Remote Code Execution vulnerability. An unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets. CVSS v3.0 Base Score: 9.8.
  • Windows Print Spooler vulnerabilities, commonly known as PrintNightmare, and tracked as CVE-2021-34527 and CVE-2021-1675. Threat actors who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. They could then install programs; view, change, or delete data; or create new accounts with full user rights. CVSS v3.1 Base Score: 8.8.

• Treck Inc.’s HTTP Server component used in the Schneider Electric TM3BC bus coupler module is affected by CVE-2020-25066. It's a heap-based buffer overflow vulnerability that could allow denial of service (crash/reset) or arbitrary code execution. CVSS v3.1 Base Score: 10.
• Programmable Automation Controllers (PacDrive) M were affected by several high-severity vulnerabilities in CODESYS V2 runtime software. The flaws are tracked as CVE-2021-30186, CVE-2021-30188, and CVE-2021-30195, and could cause a denial-of-service condition. CVSS v3.0 Base Score: 8.8.
• Five vulnerabilities in the NicheStack TCP/IP stack, known “INFRA:HALT”, affect Schneider Electric’s Lexium motion control drives. The flaws are tracked as CVE-2021-31400, CVE-2021-31401, CVE-2020-35683, CVE-2020-35684, and CVE-2020-35685, and could be used for denial of service. CVSS v3.0 Base Score: 7.5

Recommendations

• We recommend reviewing the Schneider Electric advisories and applying the latest updates to mitigate the risk.
• Refer to the SE Recommended Cybersecurity Best Practices and industry guidance below to assess your organization’s security posture.

References

• Schneider Electric Advisories
• Schneider Electric Recommended Cybersecurity Best Practices
• CISA Advisory on CODESYS Flaws
• CISA Advisory on INFRA:HALT
•  ATT&CK® for Industrial Control Systems