FortiClient Vulnerability

Critical Man-in-the-Middle Vulnerability for Schneider Electric Software Update

Description

The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and consequently execute arbitrary code, by modifying the data stream on TCP port 80.

Affected Applications

Schneider Electric Software Update

CVE References

CVE-2013-0655

Other References

https://nvd.nist.gov/vuln/detail/CVE-2013-0655

ID	69773
Created	Nov 25, 2021
Description Updated	Feb 16, 2022
Risk
Coverage	FortiClient
OS	Windows
Vendor	Schneider Electric
Patch	manual
Application	Schneider Electric Software Update

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

FortiClient Vulnerability

Critical Man-in-the-Middle Vulnerability for Schneider Electric Software Update

Description

Affected Applications

CVE References

Other References

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

FortiClient Vulnerability

Critical Man-in-the-Middle Vulnerability for Schneider Electric Software Update

Description

Affected Applications

CVE References

Other References

Threat Intelligence
Center