ICSA-13-043-01  ·  Published 2025-06-06

Schneider Electric Accutech Manager Heap Overflow

CVSS 10.0 CRITICAL

CVEs (1)

Remediations

  • Schneider Electric has released an update (http://www.schneider-electric.com/download/ww/en/results/0/1555898-Software--Released/28460036-Accutech) that mitigates this vulnerability. The researcher has tested the update and verified that it fixes the vulnerability.
  • This update is available at the Schneider Electric Website (http://www.schneider-electric.com/download/ww/en/results/0/1555898-Software--Released/28460036-Accutech/).
  • Schneider Electric also recommends that users implement the following steps until the update can be applied:
      • Close the Accutech Manager software tool’s server component when not in use.
      • Obtain guidance from Schneider Electric’s cybersecurity recommendations Web page (http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page).
      • Check with Schneider Electric, and apply the maintenance update as soon as it becomes available.
  • One specific strategy that can mitigate the risk associated with the vulnerability is to ensure that the vulnerable port (2537/TCP) is not accessible from the Internet.

Affected Vendors

Schneider Electric

Affected Products (1)

Schneider Electric · Accutech Manager <=2.00.1
