Intrusion Prevention

Schneider.Electric.ProClima.F1BookView.Memory.Corruption

Description

This indicates an attack attempt to exploit a Buffer Overflow vulnerability in Schneider Electric ProClima.
The vulnerability is due to improper checking on user supplied data while the vulnerable method handles incoming request. An attacker can exploit this by tricking an unsuspecting user into visiting a malicious webpage and execute arbitrary code within the context of the application.

Affected Products

Schneider Electric ProClima prior to 6.2

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the latest update from the vendor
http://download.schneider-electric.com/library/downloads/WW/en/document/SEVD-2015-329-01

CVE References

CVE-2015-7918 CVE-2015-8561

Other References

ICSA-15-335-02