SB2018052426 - Multiple vulnerabilities in Schneider Electric products
Published: May 24, 2018 Updated: February 27, 2025
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2016-10395)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists due to an out-of-bounds memory read. A remote attacker can trigger memory corruption and cause the service to crash.
2) Integer overflow in ssl3_get_client_hello() (CVE-ID: CVE-2016-2177)
The vulnerability allows a remote attacker to cause denial of service conditions on the target system. The vulnerability exists due to a boundary error in the ssl3_get_client_hello() function. A remote attacker can cause an integer overflow by sending specially crafted data and crash the service.
Successful exploitation of this vulnerability may cause the target service to crash.
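The kind of boundary check that fails this way, shown as an added example (not code from the bulletin, the vendor or the affected library): a length-prefixed parser whose bounds test wraps on addition, next to the overflow-safe form. All function names and the sample buffers are hypothetical and constructed for illustration.

```c
#include <stdint.h>

/* Hypothetical helpers for illustration; not taken from any library. */
/* Overflow-prone: off + len wraps modulo 2^32, so a huge len "fits". */
int fits_naive(uint32_t off, uint32_t len, uint32_t total)
{
    return (uint32_t)(off + len) <= total;
}

/* Overflow-safe: compare len with the space left, which cannot wrap. */
int fits_safe(uint32_t off, uint32_t len, uint32_t total)
{
    return off <= total && len <= total - off;
}

/* Read one field with a 2-byte big-endian length prefix at *off.
 * Returns 1 and advances *off, or 0 if the field overruns the input. */
int read_u16_field(const uint8_t *buf, uint32_t total, uint32_t *off,
                   const uint8_t **field, uint32_t *field_len)
{
    uint32_t len;
    if (!fits_safe(*off, 2, total))
        return 0;
    len = ((uint32_t)buf[*off] << 8) | buf[*off + 1];
    if (!fits_safe(*off + 2, len, total))
        return 0;
    *field = buf + *off + 2;
    *field_len = len;
    *off += 2 + len;
    return 1;
}

/* Constructed sample inputs (not captured traffic). */
const uint8_t SAMPLE_OK[]  = { 0x00, 0x03, 'a', 'b', 'c', 0x00, 0x01, 'z' };
const uint8_t SAMPLE_BAD[] = { 0x00, 0x03, 'a', 'b', 'c', 0xff, 0xff, 'z' };

/* Number of fields in buf, or -1 if any declared length is out of bounds. */
int count_fields(const uint8_t *buf, uint32_t total)
{
    const uint8_t *f;
    uint32_t off = 0, flen;
    int n = 0;
    while (off < total) {
        if (!read_u16_field(buf, total, &off, &f, &flen))
            return -1;
        n++;
    }
    return n;
}
```

Rejecting the malformed input before any read is what turns the crash condition into an ordinary parse error.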
3) Open redirect (CVE-ID: CVE-2017-5571)
The vulnerability allows a remote unauthenticated attacker to redirect the target user to external websites. The weakness exists due to an open redirect in the lmadmin component. A remote attacker can use a specially crafted image link, trick the victim into opening it and redirect users to a malicious website.
Remediation
Install the update from the vendor's website.