September 1, 2017 Karn Ganeshen

[ICS] Schneider Electric Trio TView – vulnerable JRE versions in use

Vendor: Schneider Electric
Equipment: Trio TView
Vulnerabilities: Multiple Vulnerabilities for Java Runtime Environment

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-213-02

Schneider Electric Advisory
http://www.schneider-electric.com/en/download/document/SEVD-2017-199-01/

AFFECTED PRODUCTS

The following versions of Schneider Electric Trio TView, a management and diagnostics software, are affected:

BACKGROUND


IMPACT

Exploitation of these vulnerabilities may allow a remote attacker to compromise the Trio TView Management Suite.

VULNERABILITY OVERVIEW

A Java Runtime Environment is provided with TView. The Java Runtime Environment 1.6.0u27 is reported to have multiple vulnerabilities which may impact TView Version 3.27.0 and earlier. The breakdown of the vulnerabilities by CVSS score is as follows:

  1. 180 vulnerabilities were identified as having a CVSS base score of 7.0-10,
  2. 161 vulnerabilities were identified as having a CVSS base score of 4.0-6.9, and
  3. 24 vulnerabilities were identified as having a CVSS base score of 0.0-3.9.
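
To find installations that still carry the bundled runtime, the `java -version` banner of each JRE on a host can be compared against the 1.6.0u27 version named above. The following is an added example, not code from the advisory or from Schneider Electric. It assumes that runtimes older than 1.6.0u27 should be flagged as well; the paths are hypothetical placeholders and the sample banners are constructed.

```python
import re
import subprocess

# JRE version named in the advisory (1.6.0u27), normalized to (feature, interim, update).
ADVISORY_JRE = (6, 0, 27)
_BANNER = re.compile(r'version "([^"]+)"')


def parse_java_version(banner):
    """Return (feature, interim, update) from `java -version` output, or None."""
    m = _BANNER.search(banner)
    if not m:
        return None
    raw = m.group(1).split("-")[0]        # drop suffixes such as -ea
    main, _, update = raw.partition("_")  # legacy form: 1.6.0_27
    nums = [int(n) for n in main.split(".") if n.isdigit()]
    if not nums:
        return None
    if nums[0] == 1 and len(nums) > 1:    # legacy 1.x.y_u scheme (Java 8 and earlier)
        nums = (nums[1:] + [0])[:2] + [int(update) if update.isdigit() else 0]
    return tuple((nums + [0, 0])[:3])


def at_or_below_advisory(version):
    """True when a parsed version is no newer than the advisory's JRE (assumption: older counts too)."""
    return version is not None and version <= ADVISORY_JRE


def java_banner(java_path):
    """Run a JRE launcher; `java -version` writes its banner to stderr."""
    out = subprocess.run([java_path, "-version"], capture_output=True, text=True, timeout=10)
    return out.stderr or out.stdout


def audit(banners):
    """Given {jre_path: banner}, return the sorted paths at or below the advisory's JRE."""
    return sorted(p for p, b in banners.items() if at_or_below_advisory(parse_java_version(b)))


# Constructed sample banners; the paths are hypothetical placeholders.
SAMPLE = {
    "<tview-install>/jre/bin/java": 'java version "1.6.0_27"\nJava(TM) SE Runtime Environment (build 1.6.0_27-b07)',
    "<other-app>/jre/bin/java": 'java version "1.6.0_05"',
    "<system>/bin/java": 'openjdk version "11.0.2" 2019-01-15',
    "<legacy>/bin/java": 'java version "1.8.0_144"',
}

if __name__ == "__main__":
    for path in audit(SAMPLE):
        print("bundled JRE at or below 1.6.0_27:", path)
```

On a real host, build the input with `java_banner()` for each `java` launcher found under the application directories; a banner that cannot be parsed returns `None` and should be reviewed by hand.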

+++++
