Multiple Remote Security Vulnerabilities in Schneider Electric Modicon Quantum

Release date:
Updated on:

Affected Systems:
Schneider Electric Modicon Quantum
Description:
--------------------------------------------------------------------------------
Bugtraq id: 51605
Cve id: CVE-2012-0929, CVE-2012-0930, CVE-2012-0931

Schneider Electric is a company that has been committed to improving customers' performance and daily living standards in the power industry. Schneider Electric Group provides products and services for energy and infrastructure, industry, data centers and networks, buildings and residential areas.

Schneider Electric Modicon Quantum has the vulnerability of remote code execution, buffer overflow, security restriction bypass, and cross-site scripting in implementation, attackers can exploit this vulnerability to perform cross-site scripting attacks, leak sensitive information, and control user systems.

<* Source: Project Basecamp

Link: http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf
Http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03A.pdf
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Schneider Electric
------------------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:

Http://www.google.com.hk/aclk? Sa = L & ai = ctba_zisntuedd1_mqwk7shmd8pxj4wck_yujccj9p1_caaqavdngywp -____