First published: Mon Jan 21 2013(Updated: )
The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and consequently execute arbitrary code, by modifying the data stream on TCP port 80.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Schneider-electric Software Update Utility | =1.0 | |
Schneider-electric Software Update Utility | =1.0.13 | |
Schneider-electric Software Update Utility | =1.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.