Important security notification – Schneider-Electric Software Update « SESU »
●The Schneider Electric software suite has a centralized update mechanism for updating Schneider software on a Windows PC. The software on the customer PC uses the update service as the mechanism of communication with the update server in order to receive periodic software updates. This Vulnerability has a non signed communication between the SESU client on the customer PC and the Software Update server. Under certain circumstances and conditions this communication has the potential to execute arbitrary code on a vulnerable system which could result in unexpected consequences. This vulnerability was discovered during cyber security research both by an external researcher and by Schneider Electric internal investigations. There is no evidence that this vulnerability has been exploited. This vulnerability would require network access to the target device.
●Schneider Electric takes these vulnerabilities very seriously and we have devoted resources to immediately investigate and address these issues. We believe it is critical to consider the whole picture, including safety, security and reliability. Any patches/solutions/mitigations we release will be carefully tested to ensure that they can be deployed in a manner that is both safe and secure.
|
|
|
|
|
|
|
Technical Documentation |
|
|
|
|
Please see the document for details |
|
|
|
|
|
|
|
|
|
|
|
English Chinese Chinese and English Japanese |
|
|
2013/1/30 |
|
|
|
|
|
|
|
|
22 KB |
- +1 Like
- Add to Favorites
Recommend
All reproduced articles on this site are for the purpose of conveying more information and clearly indicate the source. If media or individuals who do not want to be reproduced can contact us, which will be deleted.
Integrated Circuits
Discrete Components
Connectors & Structural Components
Assembly UnitModules & Accessories
Power Supplies & Power Modules
Electronic Materials
Instrumentation & Test Kit
Electrical Tools & Materials
Mechatronics
Processing & Customization
