Schneider Electric Accutech Manager Heap Overflow

Act NowICS-CERT ICSA-13-043-01Nov 16, 2013

Schneider ElectricEnergy

Summary

A heap buffer overflow vulnerability exists in Schneider Electric Accutech Manager version 2.00.1 and earlier. The vulnerability could allow remote exploitation leading to application crash or arbitrary code execution. No vendor patch is currently available for this product.

What this means

What could happen

A heap buffer overflow in Accutech Manager could allow an attacker to crash the application or execute arbitrary code, potentially disrupting energy monitoring and control functions.

Who's at risk

Energy utilities using Accutech Manager for power system monitoring and control should be concerned. This product is typically used for supervisory control and data acquisition (SCADA) functions in electrical distribution systems.

How it could be exploited

An attacker with network access to the Accutech Manager application could send a specially crafted input that triggers a heap buffer overflow, potentially allowing code execution on the system running the manager.

Prerequisites

Network access to Accutech Manager application port or interface
Ability to send malformed input to the vulnerable component

remotely exploitableno patch availablehigh EPSS score (62.3%)

Exploitability

Likely to be exploited — EPSS score 62.3%

Affected products (1)

ProductAffected VersionsFix Status

accutech Manager: <=2.00.1≤ 2.00.1No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGIsolate Accutech Manager on a dedicated network segment or behind a firewall to restrict access to trusted systems only

HARDENINGImplement access controls to limit which users and systems can connect to Accutech Manager

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGMonitor Accutech Manager for unexpected crashes or restarts that could indicate exploitation attempts

WORKAROUNDReview network traffic to Accutech Manager for suspicious or malformed inputs

CVEs (1)

CVE-2013-0658

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/9f91e199-73b9-441c-93cd-a1d1018c6759

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.