Schneider Electric SoMachine and Modicon CVE-2017-7574 Security Bypass Vulnerability

Schneider Electric SoMachine and Modicon are prone to a security-bypass vulnerability.

A remote attacker may leverage this issue to gain root access to the affected system.

Schneider Electric Schneider SoMachine Basic 1.4 SP1, Schneider Modicon TM221CE16R with Firmware 1.3.3.3 are affected.

Information

Bugtraq ID: 97518
Class: Design Error
CVE: CVE-2017-7574

Remote: Yes
Local: No
Published: Apr 06 2017 12:00AM
Updated: Apr 17 2017 02:06PM
Credit: Simon Heming, Maik Brüggemann, Hendrik Schwartke, Ralf Spenneberg.
Vulnerable: Schneider-Electric SoMachine Basic 1.5
Schneider-Electric SoMachine Basic 1.4 SP1
Schneider-Electric Modicon TM221CE16R 1.3.3.3
Schneider-Electric Modicon M221 1.5.0.1
Schneider-Electric Modicon M221 1.5.0.0

Not Vulnerable:

References:

• Schneider Electric Homepage (Schneider Electric)
  
• ICSA-17-103-02:Schneider Electric Modicon M221 PLCs and SoMachine Basic (CERT)
  
• OS-S Security Advisory 2017-02 (OS-S)
  

Source: www.securityfocus.com