Schneider Electric Serial Modbus Driver Buffer Overflow (Update A)

CVEs (1)

Remediations

• Schneider Electric has released a security notification with further information on this vulnerability and how to mitigate it: (http://download.schneider-electric.com/files?p_Doc_Ref=SEVD 2013-070-01).
• Schneider Electric recommends that products that use this driver be updated with the latest version of software.
• New versions of OFS V3.5 and Unity Pro V8 include the updated ModbusDriverSuite.
• For the other products listed above, the updated ModbusDriverSuite will be implemented with each new version of those software products. Asset owners concerned about the Modbus Serial Driver used for those applications, please contact Schneider Electric Technical Support at: (http://www2.schneider-electric.com/sites/corporate/en/products-services/services/field-services/services-by-business-activity/automation/lifecycle/technical-support.page).
• Until this software can be updated in the vulnerable devices, Schneider Electric recommends a defense-in-depth strategy, which includes locating the PLCs and devices running the vulnerable software behind firewalls configured to limit access to authorized personnel and protocols.

Affected Vendors

Affected Products (16)