Schneider Electric OFS Server Vulnerability (Update A)

CVEs (1)

Remediations

• Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version prior to installing any patches: OFS V3.50 – Service Pack 6 can be downloaded from the following URL: (http://www.schneider-electric.com/download/WW/EN/details/703716507-OPC-Factory-Server-V350---Service-Pack-6/?showAsIframe=true&reference=OFS_3_50_2911-(SP6))
• Schneider Electric’s security notice’s SEVD-2015-133-01(13-May-2015) and SEVD-2015-181-01 (V1.1 – 30 June 2015) are available at the following location, respectively: (http://www.schneider-electric.com/ww/en/download/document/SEVD-2015-133-01)
• (http://www.citect.schneider-electric.com/safety-and-security-notifications/36-security-notifications/8915-dll-hijacking-vulnerability)
• Schneider Electric originally released advisory SEVD-2015-181-01 on its SCADA & MES Support secure Portal on May 29, 2015. This public web page release was delayed to allow users time to implement the patch recommended
• SCADA Expert Vijeo Citect/CitectSCADA customers can download the latest Service Packs organized by version at the following location: (http://www.citect.schneider-electric.com/scada/vijeo-citect/downloads-updates/service-packs)
• Additional Schneider Electric Safety and Security Notification information is located at: (http://www.citect.schneider-electric.com/safety-and-security-notifications).

Affected Vendors

Affected Products (4)