Schneider Electric ProClima Command Injection Vulnerabilities

CVSS 10.0 CRITICAL

CVEs (5)

CVE-2014-8513 CVE-2014-8514 CVE-2014-9188 CVE-2014-8511 CVE-2014-8512

Schneider Electric has released an updated version of the ProClima software, Version 6.1.7, which mitigates these vulnerabilities. Customers are encouraged to download the new version and update their installations. It is important that customers first uninstall the current version. The new version can be downloaded from Schneider Electric’s web site at the following location: (http://www.schneider-electric.com/ww/en/download/document/ProClima_software)
For further information on these vulnerabilities, please see Schneider Electric’s security notification (SEVD 2014-344-01) at Schneider Electric’s cybersecurity web page: (http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cyber-security-vulnerabilities-sorted.page)

Schneider Electric

Schneider Electric · ProClima <=6.0.1

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.