Schneider Electric UnitelWay Device Driver Buffer Overflow
October 20, 2011
Researcher Kuang-Chun Hung of Security Research and Service
Institute - Information and Communication Security
Technology Center (ICST) has identified a buffer overflow
vulnerability in UnitelWay Windows Device Driver.
A local attacker can exploit this issue to execute arbitrary
code with elevated privileges, which may facilitate a
complete compromise of the affected computer.
This device driver is deployed as part of several different
Schneider Electric products:
- Vijeo Citect V7.20 and all previous versions run on
Windows XP
- OPC Factory Server V3.34 run on Windows XP
- Telemecanique Driver Pack V2.6 and below
- Unity Pro V6.0 and all previous versions run on
Windows XP
- Monitor V7.6 and all previous version run on Windows
XP
- PL7 Pro V4.5 SP5 and all previous run on Windows XP