OTPulse

Schneider Electric ConneXium Buffer Overflow Vulnerability

Act Now | CVSS 10 | ICS-CERT ICSA-16-306-01 | Aug 5, 2016
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Schneider Electric ConneXium TCSEFEC series firewalls contain a buffer overflow vulnerability in network packet handling. All versions of the TCSEFEC23F3F20, TCSEFEC23F3F21, TCSEFEC23FCF20, TCSEFEC23FCF21, and TCSEFEC2CF3F20 models are affected. An unauthenticated attacker on the network can send a malicious packet to trigger the overflow, potentially crashing the firewall or executing arbitrary code. No vendor patch is available.

What this means
What could happen
A remote attacker could send a specially crafted network packet to crash the ConneXium firewall or potentially execute arbitrary code, disrupting network connectivity and communications between control systems and field devices.
Who's at risk
Energy utilities and industrial sites using Schneider Electric ConneXium TCSEFEC series managed Ethernet firewalls for network segmentation in control system environments. This affects all versions of these devices with no patch available.
How it could be exploited
An attacker on the network sends a malicious packet designed to overflow a buffer in the firewall's packet processing code. If the overflow is exploited, the attacker gains the ability to execute arbitrary commands on the firewall with no authentication required, potentially allowing them to disable the device or redirect traffic.
Prerequisites
  • Network access to the ConneXium firewall (port/protocol unspecified)
  • No authentication required
remotely exploitable | no authentication required | low complexity | no patch available | affects network segmentation in critical infrastructure
Exploitability
Moderate exploit probability (EPSS 3.4%)
Affected products (5)
5 EOL
Product | Affected Versions | Fix Status
ConneXium TCSEFEC23F3F20 firewall: vers:all/* | All versions | No fix (EOL)
ConneXium TCSEFEC23F3F21 firewall: vers:all/* | All versions | No fix (EOL)
ConneXium TCSEFEC23FCF20 firewall: vers:all/* | All versions | No fix (EOL)
ConneXium TCSEFEC23FCF21 firewall: vers:all/* | All versions | No fix (EOL)
ConneXium TCSEFEC2CF3F20 firewall: vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Isolate ConneXium firewalls from untrusted networks using network segmentation or an external protection layer (air-gapped network, additional firewall upstream).
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Monitor network traffic to and from ConneXium firewalls for suspicious patterns or exploit attempts.
WORKAROUND: Contact Schneider Electric to determine if an end-of-life product assessment has been completed and whether a replacement timeline exists.
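
One way to check the isolation and monitoring steps above against exported flow records, as an added example that is not part of the advisory or any vendor tooling. The device addresses, trusted subnet, CSV column layout and sample records are all assumptions constructed for illustration.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumed, site-specific values (not from the advisory): the firewalls' own
# addresses and the only subnet permitted to exchange traffic with them.
FIREWALL_IPS = {ip_address("10.20.0.1"), ip_address("10.20.0.2")}
TRUSTED_NETS = [ip_network("10.20.5.0/28")]

# Constructed flow export, columns: ts,src,dst,proto,dport,bytes
SAMPLE_FLOWS = """\
2024-01-10T08:00:01Z,10.20.5.4,10.20.0.1,tcp,443,1820
2024-01-10T08:00:07Z,192.168.40.17,10.20.0.1,udp,161,96
2024-01-10T08:00:09Z,10.20.0.1,10.20.5.4,tcp,51844,900
2024-01-10T08:02:30Z,172.16.9.3,10.20.0.2,tcp,8080,64000
2024-01-10T08:02:41Z,10.20.0.2,203.0.113.50,tcp,4444,2048
2024-01-10T08:03:00Z,10.30.1.1,10.30.1.2,tcp,502,300
"""


def is_trusted(addr):
    return any(addr in net for net in TRUSTED_NETS)


def audit_flows(text):
    """Return flows between a firewall address and a peer outside TRUSTED_NETS.

    No port or protocol filter is applied: the advisory does not say which
    service is affected, so every flow touching the device is in scope.
    """
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 6:
            continue  # skip blank or malformed records
        ts, src, dst, proto, dport, _nbytes = row
        s, d = ip_address(src), ip_address(dst)
        if d in FIREWALL_IPS and not is_trusted(s):
            direction, peer, device = "inbound", src, dst
        elif s in FIREWALL_IPS and not is_trusted(d):
            direction, peer, device = "outbound", dst, src
        else:
            continue
        findings.append({"ts": ts, "direction": direction, "peer": peer,
                         "device": device, "proto": proto, "dport": int(dport)})
    return findings


if __name__ == "__main__":
    for f in audit_flows(SAMPLE_FLOWS):
        print("{ts} {direction:8} device={device} peer={peer} {proto}/{dport}".format(**f))
```

Any inbound finding means the device is reachable from outside the intended management segment; an outbound finding to an unknown peer is worth investigating as possible post-compromise activity.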
Schneider Electric ConneXium Buffer Overflow Vulnerability | CVSS 10 - OTPulse