October 20, 2011

Researcher Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST) has identified a buffer overflow vulnerability in UnitelWay Windows Device Driver.

A local attacker can exploit this issue to execute arbitrary code with elevated privileges, which may facilitate a complete compromise of the affected computer.

This device driver is deployed as part of several different Schneider Electric products:

-  Vijeo Citect V7.20 and all previous versions run on Windows XP
-  OPC Factory Server V3.34 run on Windows XP
-  Telemecanique Driver Pack V2.6 and below
-  Unity Pro V6.0 and all previous versions run on Windows XP
-  Monitor V7.6 and all previous version run on Windows XP
-  PL7 Pro V4.5 SP5 and all previous run on Windows XP

ICSA-11-277-01
ICSA-11-277-01P (released on Oct. 4, 2011 via US-CERT secure Portal)

Schneider security notification – Vulnerability within UnitelWay Windows Device Driver
Schneider security notification - Safety and Security KB (includes link to patch)
Schneider Security Patch
Schneider SCADA, MES and HMI Product Information

No public exploit is available at this time.

CVE-2011-3330
NVD CVE-2011-3330

Secunia Advisory #46534
Secunia Vulnerability Report and Statistics on OPC Factory Server 3.x??
Secunia Vulnerability Report and Statistics on PL7 Pro 4.x
Secunia Vulnerability Report and Statistics on Schneider Electric Monitor 7.x
Secunia Vulnerability Report and Statistics on Telemecanique Driver Pack 2.x
Secunia Vulnerability Report and Statistics on Unity Pro 6.x
Secunia Vulnerability Report and Statistics on Vijeo Citect 7.x
Security Focus Vulnerability Info and Exploit Bugtraq ID 50319

Device Driver Vulnerability Found (ISSSource)