Schneider Electric ConneXium Firewalls Buffer Overflow

critical Nessus Network Monitor Plugin ID 720088

Synopsis

An issue was discovered in Schneider Electric ConneXium firewalls that leads to a stack-based buffer overflow.

Description

An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP login authentication process that may allow an attacker to remotely execute code.

Solution

Perform vendor recommended mitigations and apply available vendor upgrades.

See Also

http://www.securityfocus.com/bid/94062,https://ics-cert.us-cert.gov/advisories/ICSA-16-306-01

Plugin Details

Severity: Critical

ID: 720088

Family: SCADA

Published: 5/8/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 11/1/2016

Vulnerability Publication Date: 11/1/2016

Reference Information

CVE: CVE-2016-8352

BID: 94062