Schneider Electric UnitelWay Buffer Overflow

CVSS 7.2 HIGH

CVEs (1)

CVE-2011-3330

Schneider Electric has created a fix that modifies one of the libraries of the UnitelWay Windows Device Driver. Schneider Electric has also issued a customer notification describing the vulnerability. Vulnerability within UnitelWay Windows Device Driver, (http://www.scada.schneider-electric.com/sites/scada/en/login/vijeo-citect-unitelway-windows-device-driver.page).
Schneider Electric recommends that since the functionality of the existing version is not affected by the installation of the fix, all customers should install the fix, which is available at the following address: (http://www.scada.schneider-electric.com/download/security/HFPEP0047398R.zip)
Schneider Electric recommends that users requiring additional assistance contact their global support center or a local customer service center. Contact information is available at the following web addresses.
Vijeo Citect users should contact Schneider Electric’s SCADA and MES Software Support Center.
Users of all other affected Schneider Electric products should contact their local support center. (http://www2.schneider-electric.com/sites/corporate/en/support/operations/local-operations/local-operations.page)

Schneider Electric

Schneider Electric · Unity Pro Windows XP <=6

Schneider Electric · OPC Factory Server Windows XP 3.34

Schneider Electric · Vijeo Citect Windows XP <=7.20

Schneider Electric · Telemecanique Driver Pack Windows XP <=2.6

Schneider Electric · Monitor Pro Windows XP <=7.6

Schneider Electric · PL7 Pro Windows XP <=4.5

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.