You are here

Schneider Electric Floating License Manager (ICSA-18-144-01) – Products Used in the Water and Wastewater and Energy Sectors

Schneider Electric Floating License Manager (ICSA-18-144-01) – Products Used in the Water and Wastewater and Energy Sectors

Created: Friday, May 25, 2018 - 16:30
Categories:
Cybersecurity

The NCCIC has released an advisory on heap-based buffer overflow, improper restriction of operations within the bounds of a memory buffer, and open redirect vulnerabilities in Schneider Electric Floating License Manager. Multiple products and versions of the products are affected. Successful exploitation of these vulnerabilities could cause a denial of service, allow arbitrary execution of code with system level privileges, or send users to arbitrary websites. Schneider Electric recommends that users of affected Citect and PlantStruxure products download and install the new version of the software. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.