You are here

Schneider Electric Software Update (ICSA-18-305-02) – Product Used in the Energy Sector

Schneider Electric Software Update (ICSA-18-305-02) – Product Used in the Energy Sector

Created: Friday, November 2, 2018 - 09:20
Categories:
Cybersecurity

The NCCIC has released an advisory on a DLL hijacking vulnerability in Schneider Electric Software Update (SESU). All versions prior to 2.2.0 are affected. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. Schneider Electric has created a fix for this vulnerability (Version 2.2.0). The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.