Schneider Electric Security Notification – Nov 2018

A reminder to Schneider customers – official security alert!

Preface:
When a DLL file is in the SysWOW64 folder and someone places a counterfeit DLL in a folder that has higher priority in the search order than the SysWOW64 folder, the operating system will load the counterfeit DLL file, because it has the same name as the DLL requested by the application. Once in memory, it can execute the malicious code contained in the file and may compromise your computer or networks.
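The name-shadowing condition described above can be audited on a host. The following is an added example, not code from Schneider Electric or from the original post: it lists DLL names that appear in more than one directory of a search list given highest priority first. The directory order and all file names in `demo()` are constructed assumptions.

```python
import os
import tempfile

def find_shadowed_dlls(search_dirs):
    """Return (dll_name, loaded_path, shadowed_paths) for each DLL name that
    exists in more than one directory. search_dirs is highest priority first."""
    seen = {}        # lower-cased DLL name -> paths in priority order
    visited = set()  # avoid counting the same directory twice
    for d in search_dirs:
        key = os.path.normcase(os.path.abspath(d))
        if key in visited or not os.path.isdir(d):
            continue
        visited.add(key)
        for name in sorted(os.listdir(d)):
            # Windows file names are case-insensitive, so compare lower-cased.
            if name.lower().endswith(".dll"):
                seen.setdefault(name.lower(), []).append(os.path.join(d, name))
    return [(n, p[0], p[1:]) for n, p in sorted(seen.items()) if len(p) > 1]

def demo():
    """Constructed layout: an application folder searched before a stand-in
    for the system folder. All file names here are made up."""
    with tempfile.TemporaryDirectory() as root:
        app = os.path.join(root, "app")
        system = os.path.join(root, "SysWOW64")
        for folder, names in ((app, ["Helper.DLL", "updater.exe"]),
                              (system, ["helper.dll", "other.dll"])):
            os.makedirs(folder)
            for n in names:
                open(os.path.join(folder, n), "wb").close()
        return find_shadowed_dlls([app, system])

if __name__ == "__main__":
    for name, loaded, shadowed in demo():
        print(f"{name}: loader would pick {loaded}, shadowing {shadowed}")
```

A hit is a lead to verify, for example by checking the file's signature and origin, since applications can legitimately ship their own copy of a DLL.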

Vulnerability:
A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file.

Remedy:
https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-298-01+Schneider+Electric+Software+Update+%28SESU%29V1.1.pdf&p_Doc_Ref=SEVD-2018-298-01

Additional – Modicon M221:
https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-270-01+Modicon+M221.pdf&p_Doc_Ref=SEVD-2018-270-01