(I)IoT Security News
News, Vulnerabilities

Schneider Electric Floating License Manager

1. EXECUTIVE SUMMARY

2. RISK EVALUATION

These vulnerabilities could allow an attacker to deny the acquisition of a valid license for legal use of the product.

3. TECHNICAL DETAILS

4.1 AFFECTED PRODUCTS

The following versions of Floating License Manager are affected:

3.2 VULNERABILITY OVERVIEW

3.2.1    IMPROPER INPUT VALIDATION CWE-20

A denial of service vulnerability related to preemptive item deletion in lmadmin and vendor daemon components allows a remote attacker to send a combination of messages to lmadmin or the vendor daemon, causing the heartbeat between lmadmin and the vendor daemon to stop and the vendor daemon to shut down.

CVE-2018-20031 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.2.2    IMPROPER INPUT VALIDATION CWE-20

A denial of service vulnerability related to message decoding in lmadmin and vendor daemon components allows a remote attacker to send a combination of messages to lmadmin or the vendor daemon, causing the heartbeat between lmadmin and the vendor daemon to stop and the vendor daemon to shut down.

CVE-2018-20032 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.2.3    MEMORY CORRUPTION CWE-119

A remote code execution vulnerability in lmadmin and vendor daemon components could allow a remote attacker to corrupt the memory by allocating/deallocating memory, loading lmadmin or the vendor daemon and causing the heartbeat between lmadmin and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated.

CVE-2018-20033 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.4    IMPROPER INPUT VALIDATION CWE-20

A denial of service vulnerability related to adding an item to a list in lmadmin and vendor daemon components allows a remote attacker to send a combination of messages to lmadmin or the vendor daemon, causing the heartbeat between lmadmin and the vendor daemon to stop and the vendor daemon to shut down.

CVE-2018-20034 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.3 BACKGROUND

3.4 RESEARCHER

Schneider Electric reported these vulnerabilities to NCCIC.

4. MITIGATIONS

Schneider Electric has made a fix for these vulnerabilities available for download on its website at the following location:

Schneider Electric recommends users upgrade to Floating License Manager (FLM) Version 2.3.1.0 as soon as possible.

Details are described in the Schneider Electric Security Notification SEVD-2019-134-04.

NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

NCCIC also provides a section for control systems security recommended practices on the ICS webpage on us-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available in the Technical Information Paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.

No known public exploits specifically target these vulnerabilities.

 

Source:

https://www.us-cert.gov/ics/advisories/icsa-19-192-07

 

Related posts

Siemens PROFINET Devices (Update F)

(I) IoT
4 years ago

Microsoft Office 365 Security Observations

(I) IoT
6 years ago

Siemens SIMATIC PCS neo

IoT
12 months ago
Exit mobile version