Advisory Details

April 3rd, 2014

Schneider-Electric ClearSCADA ServerMain.exe OPF File Parsing Remote Code Execution Vulnerability

ZDI-14-059
ZDI-CAN-1876

CVE ID CVE-2014-0779
CVSS SCORE 6.8, (AV:N/AC:M/Au:N/C:P/I:P/A:P)
AFFECTED VENDORS Schneider Electric
AFFECTED PRODUCTS ClearSCADA
VULNERABILITY DETAILS


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider-Electric ClearSCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of OPF files. The issue lies in a failure to validate a length specifier before using it as an index into an array. An attacker can leverage this vulnerability to execute code under the context of the current process.

ADDITIONAL DETAILS Schneider Electric has issued an update to correct this vulnerability. More details can be found at:
http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01
DISCLOSURE TIMELINE
  • 2014-01-13 - Vulnerability reported to vendor
  • 2014-04-03 - Coordinated public release of advisory
CREDIT Andrew Brooks
BACK TO ADVISORIES