Schneider Electric Zelio Soft 2 CVE-2018-7817 Remote Code Execution Vulnerability

Bugtraq ID:	106481
Class:	Input Validation Error
CVE:	CVE-2018-7817
Remote:	Yes
Local:	No
Published:	Jan 08 2019 12:00AM
Updated:	Feb 08 2019 04:00AM
Credit:	Trend Micro�??s Zero Day Initiative working with rgod and mdm of 9SG Security Team
Vulnerable:	Schneider-Electric Zelio Soft 2 5.1
Not Vulnerable:	Schneider-Electric Zelio Soft 2 5.2

Schneider Electric Zelio Soft 2 CVE-2018-7817 Remote Code Execution Vulnerability

Schneider Electric Modicon Quantum is prone to a remote code-execution vulnerability.

A remote attacker can leverage this issue to execute arbitrary code in the context of the affected system.

Zelio Soft 2 Versions 5.1 and prior are vulnerable.

Schneider Electric Zelio Soft 2 CVE-2018-7817 Remote Code Execution Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Schneider Electric Zelio Soft 2 CVE-2018-7817 Remote Code Execution Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Schneider Electric Zelio Soft 2 CVE-2018-7817 Remote Code Execution Vulnerability

References:

• Schneider Electric Homepage (Schneider Electric)
  
• ICSA-19-008-01:Schneider Electric Zelio Soft 2 (ICS-CERT)
  
• Security Notification - Zelio Soft (Schneider Electric)