Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-10395 (GCVE-0-2016-10395)
Vulnerability from cvelistv5 – Published: 2017-06-15 16:00 – Updated: 2024-08-06 03:21
VLAI?
EPSS
Summary
In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges.
Severity ?
No CVSS data available.
CWE
- Out-of-bounds memory read access leading to local user privilege escalation
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://secuniaresearch.flexerasoftware.com/advis… | x_refsource_MISC |
| https://www.citect.schneider-electric.com/safety-… | x_refsource_CONFIRM |
| https://www.schneider-electric.com/en/download/do… | x_refsource_CONFIRM |
| https://www.schneider-electric.com/en/download/do… | x_refsource_CONFIRM |
| https://www.schneider-electric.com/en/download/do… | x_refsource_CONFIRM |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Flexera Software LLC | FlexNet Publisher |
Affected:
Versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform
|
Date Public ?
2017-06-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:21:51.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/76368/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FlexNet Publisher",
"vendor": "Flexera Software LLC",
"versions": [
{
"status": "affected",
"version": "Versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform"
}
]
}
],
"datePublic": "2017-06-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds memory read access leading to local user privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-29T19:57:02.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/76368/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2016-10395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FlexNet Publisher",
"version": {
"version_data": [
{
"version_value": "Versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform"
}
]
}
}
]
},
"vendor_name": "Flexera Software LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds memory read access leading to local user privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://secuniaresearch.flexerasoftware.com/advisories/76368/",
"refsource": "MISC",
"url": "https://secuniaresearch.flexerasoftware.com/advisories/76368/"
},
{
"name": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager",
"refsource": "CONFIRM",
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2016-10395",
"datePublished": "2017-06-15T16:00:00.000Z",
"dateReserved": "2017-05-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:21:51.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2016-10395",
"date": "2026-05-13",
"epss": "0.00069",
"percentile": "0.21082"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-10395\",\"sourceIdentifier\":\"PSIRT-CNA@flexerasoftware.com\",\"published\":\"2017-06-15T16:29:00.187\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges.\"},{\"lang\":\"es\",\"value\":\"En las versiones anteriores a Liton SP1 (11.14.1.1) de FlaxNet Publisher ejecutando FlaxNet Publisher Licensing Service en Windows, un error de limites relacionado al nombre de la tuber\u00eda dentro de el FlaxNet Publisher Licensing Service puede ser explotado provocando una lectura de memoria fuera de los l\u00edmites y consecuentemente ejecutar un c\u00f3digo aleatorio en los privilegios de SYSTEM.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":6.8,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.1,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:flexerasoftware:flexnet_publisher:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"11.14.1\",\"matchCriteriaId\":\"27B21AC4-B047-470E-BE67-A503B6E935A9\"}]}]}],\"references\":[{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://secuniaresearch.flexerasoftware.com/advisories/76368/\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://secuniaresearch.flexerasoftware.com/advisories/76368/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Flexera Software\",\"comment\":\"The vulnerability has been analyzed by us as to be exploitable through a locally authenticated user solely in this context. Thus, we assigned the following CVSS metrics and scores for the vulnerability with the CVE identifier CVE-2016-10395: \u003cbr /\u003e CVSS version 2: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C \u003cbr /\u003e CVSS version 3: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C\",\"lastModified\":\"2017-08-16T13:15:04.617\"}]}}"
}
}
CNVD-2018-12134
Vulnerability from cnvd - Published: 2018-06-27
VLAI Severity ?
Title
Flexera Software FlexNet Publisher Licensing Service任意代码执行漏洞
Description
Flexera Software FlexNet Publisher(前称FLEXlm)是美国富莱睿(Flexera Software)公司的一款授权关系管理解决方案(Entitlement Relationship Management Solution)中的软件授权管理核心组件。FlexNet Publisher Licensing Service是一个软件许可码激活验证的服务。
基于Windows平台的Flexera Software FlexNet Publisher Luton SP1 (11.14.1.1)版本中的FlexNet Publisher Licensing Service中存在安全漏洞。攻击者可利用该漏洞以系统权限执行任意代码。
Severity
高
Patch Name
Flexera Software FlexNet Publisher Licensing Service任意代码执行漏洞的补丁
Patch Description
Flexera Software FlexNet Publisher(前称FLEXlm)是美国富莱睿(Flexera Software)公司的一款授权关系管理解决方案(Entitlement Relationship Management Solution)中的软件授权管理核心组件。FlexNet Publisher Licensing Service是一个软件许可码激活验证的服务。
基于Windows平台的Flexera Software FlexNet Publisher Luton SP1 (11.14.1.1)版本中的FlexNet Publisher Licensing Service中存在安全漏洞。攻击者可利用该漏洞以系统权限执行任意代码。 目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页: https://www.flexerasoftware.com/
Reference
https://secuniaresearch.flexerasoftware.com/advisories/76368/
Impacted products
| Name | Flexera Software FlexNet Publisher 11.14.1 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2016-10395"
}
},
"description": "Flexera Software FlexNet Publisher\uff08\u524d\u79f0FLEXlm\uff09\u662f\u7f8e\u56fd\u5bcc\u83b1\u777f\uff08Flexera Software\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u6388\u6743\u5173\u7cfb\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\uff08Entitlement Relationship Management Solution\uff09\u4e2d\u7684\u8f6f\u4ef6\u6388\u6743\u7ba1\u7406\u6838\u5fc3\u7ec4\u4ef6\u3002FlexNet Publisher Licensing Service\u662f\u4e00\u4e2a\u8f6f\u4ef6\u8bb8\u53ef\u7801\u6fc0\u6d3b\u9a8c\u8bc1\u7684\u670d\u52a1\u3002\r\n\r\n\u57fa\u4e8eWindows\u5e73\u53f0\u7684Flexera Software FlexNet Publisher Luton SP1 (11.14.1.1)\u7248\u672c\u4e2d\u7684FlexNet Publisher Licensing Service\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"discovererName": "Schneider Electric",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.flexerasoftware.com/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-12134",
"openTime": "2018-06-27",
"patchDescription": "Flexera Software FlexNet Publisher\uff08\u524d\u79f0FLEXlm\uff09\u662f\u7f8e\u56fd\u5bcc\u83b1\u777f\uff08Flexera Software\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u6388\u6743\u5173\u7cfb\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\uff08Entitlement Relationship Management Solution\uff09\u4e2d\u7684\u8f6f\u4ef6\u6388\u6743\u7ba1\u7406\u6838\u5fc3\u7ec4\u4ef6\u3002FlexNet Publisher Licensing Service\u662f\u4e00\u4e2a\u8f6f\u4ef6\u8bb8\u53ef\u7801\u6fc0\u6d3b\u9a8c\u8bc1\u7684\u670d\u52a1\u3002\r\n\r\n\u57fa\u4e8eWindows\u5e73\u53f0\u7684Flexera Software FlexNet Publisher Luton SP1 (11.14.1.1)\u7248\u672c\u4e2d\u7684FlexNet Publisher Licensing Service\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Flexera Software FlexNet Publisher Licensing Service\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Flexera Software FlexNet Publisher 11.14.1"
},
"referenceLink": "https://secuniaresearch.flexerasoftware.com/advisories/76368/",
"serverity": "\u9ad8",
"submitTime": "2018-06-07",
"title": "Flexera Software FlexNet Publisher Licensing Service\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}
FKIE_CVE-2016-10395
Vulnerability from fkie_nvd - Published: 2017-06-15 16:29 - Updated: 2026-05-13 00:24
Severity ?
Summary
In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| flexerasoftware | flexnet_publisher | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flexerasoftware:flexnet_publisher:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27B21AC4-B047-470E-BE67-A503B6E935A9",
"versionEndIncluding": "11.14.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges."
},
{
"lang": "es",
"value": "En las versiones anteriores a Liton SP1 (11.14.1.1) de FlaxNet Publisher ejecutando FlaxNet Publisher Licensing Service en Windows, un error de limites relacionado al nombre de la tuber\u00eda dentro de el FlaxNet Publisher Licensing Service puede ser explotado provocando una lectura de memoria fuera de los l\u00edmites y consecuentemente ejecutar un c\u00f3digo aleatorio en los privilegios de SYSTEM."
}
],
"id": "CVE-2016-10395",
"lastModified": "2026-05-13T00:24:29.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-15T16:29:00.187",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/76368/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/76368/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vendorComments": [
{
"comment": "The vulnerability has been analyzed by us as to be exploitable through a locally authenticated user solely in this context. Thus, we assigned the following CVSS metrics and scores for the vulnerability with the CVE identifier CVE-2016-10395: \u003cbr /\u003e CVSS version 2: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C \u003cbr /\u003e CVSS version 3: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"lastModified": "2017-08-16T13:15:04.617",
"organization": "Flexera Software"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CERTFR-2018-AVI-254
Vulnerability from certfr_avis - Published: 2018-05-25 - Updated: 2018-05-28
De multiples vulnérabilités ont été découvertes dans SCADA les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Schneider Electric | N/A | SoMachine Basic toutes versions antérieures à 1.6 SP1 | ||
| Schneider Electric | N/A | EcoStructure Modicon Builder versions antérieures à V3.1 | ||
| Schneider Electric | N/A | PlantStruxure PES version 4.3 SP1et antérieures |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SoMachine Basic toutes versions ant\u00e9rieures \u00e0 1.6 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStructure Modicon Builder versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "PlantStruxure PES version 4.3 SP1et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7783"
},
{
"name": "CVE-2016-2177",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2177"
},
{
"name": "CVE-2016-10395",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10395"
},
{
"name": "CVE-2017-5571",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5571"
}
],
"initial_release_date": "2018-05-25T00:00:00",
"last_revision_date": "2018-05-28T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-254",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-05-25T00:00:00.000000"
},
{
"description": "Ajout du bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2018-144-01 du 24 mai 2018",
"revision_date": "2018-05-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans SCADA les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans SCADA les produits Schneider Electric",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2018-144-01 du 24 mai 2018",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2018-142-01 du 22 mai 2018",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-142-01/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2018-137-01 du 17 mai 2018",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
}
]
}
CERTFR-2018-AVI-089
Vulnerability from certfr_avis - Published: 2018-02-16 - Updated: 2018-02-16
De multiples vulnérabilités ont été découvertes dans SCADA les produits Schneider Electric. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Schneider Electric | N/A | Floating License Manager versions antérieures à v2.1.0.0 | ||
| Schneider Electric | N/A | Energy Expert versions 1.x antérieures à 1.3 avec le dernier correctif de sécurité installé | ||
| Schneider Electric | N/A | StruxureWare Power Monitoring Expert versions 7.2.x antérieures à 7.2.2 avec le dernier correctif de sécurité installé | ||
| Schneider Electric | N/A | EcoStruxure Power Monitoring Expert versions 8.x antérieures à 8.2 avec le dernier correctif de sécurité installé | ||
| Schneider Electric | N/A | Power SCADA Operations versions 8.x antérieures à 8.2 avec le dernier correctif de sécurité installé |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Floating License Manager versions ant\u00e9rieures \u00e0 v2.1.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Energy Expert versions 1.x ant\u00e9rieures \u00e0 1.3 avec le dernier correctif de s\u00e9curit\u00e9 install\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "StruxureWare Power Monitoring Expert versions 7.2.x ant\u00e9rieures \u00e0 7.2.2 avec le dernier correctif de s\u00e9curit\u00e9 install\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Power Monitoring Expert versions 8.x ant\u00e9rieures \u00e0 8.2 avec le dernier correctif de s\u00e9curit\u00e9 install\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Power SCADA Operations versions 8.x ant\u00e9rieures \u00e0 8.2 avec le dernier correctif de s\u00e9curit\u00e9 install\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-2177",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2177"
},
{
"name": "CVE-2016-10395",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10395"
},
{
"name": "CVE-2016-5571",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5571"
}
],
"initial_release_date": "2018-02-16T00:00:00",
"last_revision_date": "2018-02-16T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-089",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-02-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans SCADA les produits\nSchneider Electric. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans SCADA les produits Schneider Electric",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SCADA Schneider Electric du 15 f\u00e9vrier 2018",
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
}
]
}
GHSA-7937-G7XQ-56G3
Vulnerability from github – Published: 2022-05-14 03:20 – Updated: 2025-04-20 03:39
VLAI?
Details
In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges.
Severity ?
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2016-10395"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-15T16:29:00Z",
"severity": "HIGH"
},
"details": "In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges.",
"id": "GHSA-7937-g7xq-56g3",
"modified": "2025-04-20T03:39:12Z",
"published": "2022-05-14T03:20:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10395"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
},
{
"type": "WEB",
"url": "https://secuniaresearch.flexerasoftware.com/advisories/76368"
},
{
"type": "WEB",
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
},
{
"type": "WEB",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01"
},
{
"type": "WEB",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01"
},
{
"type": "WEB",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2016-10395
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-10395",
"description": "In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges.",
"id": "GSD-2016-10395",
"references": [
"https://www.suse.com/security/cve/CVE-2016-10395.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-10395"
],
"details": "In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges.",
"id": "GSD-2016-10395",
"modified": "2023-12-13T01:21:26.857769Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2016-10395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FlexNet Publisher",
"version": {
"version_data": [
{
"version_value": "Versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform"
}
]
}
}
]
},
"vendor_name": "Flexera Software LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds memory read access leading to local user privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://secuniaresearch.flexerasoftware.com/advisories/76368/",
"refsource": "MISC",
"url": "https://secuniaresearch.flexerasoftware.com/advisories/76368/"
},
{
"name": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager",
"refsource": "CONFIRM",
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:flexerasoftware:flexnet_publisher:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.14.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2016-10395"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://secuniaresearch.flexerasoftware.com/advisories/76368/",
"refsource": "MISC",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/76368/"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/",
"refsource": "CONFIRM",
"tags": [],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/",
"refsource": "CONFIRM",
"tags": [],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/",
"refsource": "CONFIRM",
"tags": [],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/"
},
{
"name": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager",
"refsource": "CONFIRM",
"tags": [],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01",
"refsource": "MISC",
"tags": [],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2018-05-30T01:29Z",
"publishedDate": "2017-06-15T16:29Z"
}
}
}
ICSA-18-144-01
Vulnerability from csaf_cisa - Published: 2018-05-24 00:00 - Updated: 2018-05-24 00:00Summary
Schneider Electric Floating License Manager
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities could cause a denial of service, allow arbitrary execution of code with system level privileges, or send users to arbitrary websites.
Critical infrastructure sectors: Commercial Facilities, Energy, Food and Agriculture, Government Facilities, Transportation Systems, Water and Wastewater Systems
Countries/areas deployed: Worldwide
Company headquarters location: France
Recommended Practices: NCCIC recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
Recommended Practices: NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Exploitability: No known public exploits specifically target these vulnerabilities.
9.8 (Critical)
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EcoStruxure Modicon Builder: V3.0 and prior
Schneider Electric Software, LLC / EcoStruxure Modicon Builder
|
<= 3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
EcoStruxure Power Monitoring Expert: 8.2 (Standard DC HC Editions)
Schneider Electric Software, LLC / EcoStruxure Power Monitoring Expert
|
8.2 (Standard DC HC Editions) |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
SCADA Expert Vijeo Citect / CitectSCADA: Version 7.30 7.40
Schneider Electric Software, LLC / SCADA Expert Vijeo Citect / CitectSCADA
|
7.30 | 7.40 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Energy Expert: 1.x (formerly Power Manager)
Schneider Electric Software, LLC / Energy Expert
|
1.x (formerly Power Manager) |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
EcoStruxure Power SCADA Operations: 8.x (formerly PowerSCADA Expert) (Only with Advanced Reports and Dashboards Module)
Schneider Electric Software, LLC / EcoStruxure Power SCADA Operations
|
8.x (formerly PowerSCADA Expert) (Only with Advanced Reports and Dashboards Module) |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
StruxureWare Power Monitoring Expert: 7.2.x
Schneider Electric Software, LLC / StruxureWare Power Monitoring Expert
|
7.2.x |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Vijeo Historian/CitectHistorian: Version 4.40 4.50
Schneider Electric Software, LLC / Vijeo Historian/CitectHistorian
|
4.40 | 4.50 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
StruxureWare Power Monitoring Expert: 8.1 (Standard DC HC Editions)
Schneider Electric Software, LLC / StruxureWare Power Monitoring Expert
|
8.1 (Standard DC HC Editions) |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
PlantStruxure PES: V4.3 SP1 and prior
Schneider Electric Software, LLC / PlantStruxure PES
|
<=8.1 (Standard DC HC Editions) |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
StruxureWare Power Monitoring Expert: 8.0 (Standard DC HC Buildings Editions)
Schneider Electric Software, LLC / StruxureWare Power Monitoring Expert
|
8.0 (Standard DC HC Buildings Editions) |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
CitectSCADA: Version 2015 2016
Schneider Electric Software, LLC / CitectSCADA
|
2015 | 2016 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
CitectHistorian: Version 2016
Schneider Electric Software, LLC / CitectHistorian
|
2016 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.8 (High)
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EcoStruxure Modicon Builder: V3.0 and prior
Schneider Electric Software, LLC / EcoStruxure Modicon Builder
|
<= 3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
EcoStruxure Power Monitoring Expert: 8.2 (Standard DC HC Editions)
Schneider Electric Software, LLC / EcoStruxure Power Monitoring Expert
|
8.2 (Standard DC HC Editions) |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
SCADA Expert Vijeo Citect / CitectSCADA: Version 7.30 7.40
Schneider Electric Software, LLC / SCADA Expert Vijeo Citect / CitectSCADA
|
7.30 | 7.40 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Energy Expert: 1.x (formerly Power Manager)
Schneider Electric Software, LLC / Energy Expert
|
1.x (formerly Power Manager) |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
EcoStruxure Power SCADA Operations: 8.x (formerly PowerSCADA Expert) (Only with Advanced Reports and Dashboards Module)
Schneider Electric Software, LLC / EcoStruxure Power SCADA Operations
|
8.x (formerly PowerSCADA Expert) (Only with Advanced Reports and Dashboards Module) |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
StruxureWare Power Monitoring Expert: 7.2.x
Schneider Electric Software, LLC / StruxureWare Power Monitoring Expert
|
7.2.x |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Vijeo Historian/CitectHistorian: Version 4.40 4.50
Schneider Electric Software, LLC / Vijeo Historian/CitectHistorian
|
4.40 | 4.50 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
StruxureWare Power Monitoring Expert: 8.1 (Standard DC HC Editions)
Schneider Electric Software, LLC / StruxureWare Power Monitoring Expert
|
8.1 (Standard DC HC Editions) |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
PlantStruxure PES: V4.3 SP1 and prior
Schneider Electric Software, LLC / PlantStruxure PES
|
<=8.1 (Standard DC HC Editions) |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
StruxureWare Power Monitoring Expert: 8.0 (Standard DC HC Buildings Editions)
Schneider Electric Software, LLC / StruxureWare Power Monitoring Expert
|
8.0 (Standard DC HC Buildings Editions) |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
CitectSCADA: Version 2015 2016
Schneider Electric Software, LLC / CitectSCADA
|
2015 | 2016 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
CitectHistorian: Version 2016
Schneider Electric Software, LLC / CitectHistorian
|
2016 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
6.1 (Medium)
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EcoStruxure Modicon Builder: V3.0 and prior
Schneider Electric Software, LLC / EcoStruxure Modicon Builder
|
<= 3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
EcoStruxure Power Monitoring Expert: 8.2 (Standard DC HC Editions)
Schneider Electric Software, LLC / EcoStruxure Power Monitoring Expert
|
8.2 (Standard DC HC Editions) |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
SCADA Expert Vijeo Citect / CitectSCADA: Version 7.30 7.40
Schneider Electric Software, LLC / SCADA Expert Vijeo Citect / CitectSCADA
|
7.30 | 7.40 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Energy Expert: 1.x (formerly Power Manager)
Schneider Electric Software, LLC / Energy Expert
|
1.x (formerly Power Manager) |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
EcoStruxure Power SCADA Operations: 8.x (formerly PowerSCADA Expert) (Only with Advanced Reports and Dashboards Module)
Schneider Electric Software, LLC / EcoStruxure Power SCADA Operations
|
8.x (formerly PowerSCADA Expert) (Only with Advanced Reports and Dashboards Module) |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
StruxureWare Power Monitoring Expert: 7.2.x
Schneider Electric Software, LLC / StruxureWare Power Monitoring Expert
|
7.2.x |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Vijeo Historian/CitectHistorian: Version 4.40 4.50
Schneider Electric Software, LLC / Vijeo Historian/CitectHistorian
|
4.40 | 4.50 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
StruxureWare Power Monitoring Expert: 8.1 (Standard DC HC Editions)
Schneider Electric Software, LLC / StruxureWare Power Monitoring Expert
|
8.1 (Standard DC HC Editions) |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
PlantStruxure PES: V4.3 SP1 and prior
Schneider Electric Software, LLC / PlantStruxure PES
|
<=8.1 (Standard DC HC Editions) |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
StruxureWare Power Monitoring Expert: 8.0 (Standard DC HC Buildings Editions)
Schneider Electric Software, LLC / StruxureWare Power Monitoring Expert
|
8.0 (Standard DC HC Buildings Editions) |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
CitectSCADA: Version 2015 2016
Schneider Electric Software, LLC / CitectSCADA
|
2015 | 2016 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
CitectHistorian: Version 2016
Schneider Electric Software, LLC / CitectHistorian
|
2016 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
References
11 references
Acknowledgments
Schneider Electric
{
"document": {
"acknowledgments": [
{
"organization": "Schneider Electric",
"summary": "reporting these vulnerabilities to NCCIC"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could cause a denial of service, allow arbitrary execution of code with system level privileges, or send users to arbitrary websites.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Commercial Facilities, Energy, Food and Agriculture, Government Facilities, Transportation Systems, Water and Wastewater Systems",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "France",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-18-144-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsa-18-144-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-18-144-01 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-144-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-144-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
}
],
"title": "Schneider Electric Floating License Manager",
"tracking": {
"current_release_date": "2018-05-24T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-18-144-01",
"initial_release_date": "2018-05-24T00:00:00.000000Z",
"revision_history": [
{
"date": "2018-05-24T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-18-144-01 Schneider Electric Floating License Manager"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 3.0",
"product": {
"name": "EcoStruxure Modicon Builder: V3.0 and prior",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "EcoStruxure Modicon Builder"
},
{
"branches": [
{
"category": "product_version",
"name": "8.2 (Standard DC HC Editions)",
"product": {
"name": "EcoStruxure Power Monitoring Expert: 8.2 (Standard DC HC Editions)",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "EcoStruxure Power Monitoring Expert"
},
{
"branches": [
{
"category": "product_version",
"name": "7.30 | 7.40",
"product": {
"name": "SCADA Expert Vijeo Citect / CitectSCADA: Version 7.30 7.40",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "SCADA Expert Vijeo Citect / CitectSCADA"
},
{
"branches": [
{
"category": "product_version",
"name": "1.x (formerly Power Manager)",
"product": {
"name": "Energy Expert: 1.x (formerly Power Manager)",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Energy Expert"
},
{
"branches": [
{
"category": "product_version",
"name": "8.x (formerly PowerSCADA Expert) (Only with Advanced Reports and Dashboards Module)",
"product": {
"name": "EcoStruxure Power SCADA Operations: 8.x (formerly PowerSCADA Expert) (Only with Advanced Reports and Dashboards Module)",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "EcoStruxure Power SCADA Operations"
},
{
"branches": [
{
"category": "product_version",
"name": "7.2.x",
"product": {
"name": "StruxureWare Power Monitoring Expert: 7.2.x",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "StruxureWare Power Monitoring Expert"
},
{
"branches": [
{
"category": "product_version",
"name": "4.40 | 4.50",
"product": {
"name": "Vijeo Historian/CitectHistorian: Version 4.40 4.50",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "Vijeo Historian/CitectHistorian"
},
{
"branches": [
{
"category": "product_version",
"name": "8.1 (Standard DC HC Editions)",
"product": {
"name": "StruxureWare Power Monitoring Expert: 8.1 (Standard DC HC Editions)",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "StruxureWare Power Monitoring Expert"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=8.1 (Standard DC HC Editions)",
"product": {
"name": "PlantStruxure PES: V4.3 SP1 and prior",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "PlantStruxure PES"
},
{
"branches": [
{
"category": "product_version",
"name": "8.0 (Standard DC HC Buildings Editions)",
"product": {
"name": "StruxureWare Power Monitoring Expert: 8.0 (Standard DC HC Buildings Editions)",
"product_id": "CSAFPID-00010"
}
}
],
"category": "product_name",
"name": "StruxureWare Power Monitoring Expert"
},
{
"branches": [
{
"category": "product_version",
"name": "2015 | 2016",
"product": {
"name": "CitectSCADA: Version 2015 2016",
"product_id": "CSAFPID-00011"
}
}
],
"category": "product_name",
"name": "CitectSCADA"
},
{
"branches": [
{
"category": "product_version",
"name": "2016",
"product": {
"name": "CitectHistorian: Version 2016",
"product_id": "CSAFPID-00012"
}
}
],
"category": "product_name",
"name": "CitectHistorian"
}
],
"category": "vendor",
"name": "Schneider Electric Software, LLC"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-2177",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "OpenSSL incorrectly uses pointer arithmetic for heap-buffer boundary checks, which may allow denial of service attacks or other unspecified behavior.CVE-2016-2177 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2177"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Schneider Electric recommends that users of affected Citect and PlantStruxure products download and install the new version of the software",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
],
"url": "https://www.citect.schneider-electric.com/documents/downloads/Floating_License_Manager_v2.1.0.0.zip"
},
{
"category": "mitigation",
"details": "Users using EcoStruxure Modicon Builder V3.0 are recommended to download and use the new version (V3.1)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
],
"url": "https://partner.schneider-electric.com/partners/Menu/MyPartnership"
},
{
"category": "mitigation",
"details": "StructureWare 7.2.x users should upgrade to Version 7.2.2 and apply the floating licensing manager (FLM) patch",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
],
"url": "https://schneider-electric.box.com/s/n2fh1ym594pqvl87kf0zjsigamuryrje"
},
{
"category": "mitigation",
"details": "EcoStruxure/StruxureWare Power Monitoring Expert and Power SCADA Operations users need to upgrade to Version 8.2. ",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
],
"url": "https://schneider-electric.box.com/s/kkdikodcksjj1dznqy68ko0j28wct7vb"
},
{
"category": "mitigation",
"details": "Schneider Electric has also released security notifications which contain further details and upgrade",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
},
{
"category": "mitigation",
"details": "Schneider Electric has also released security notifications which contain further details and upgrade ",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
},
{
"category": "mitigation",
"details": "Schneider Electric has also released security notifications which contain further details and upgrade ",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
},
{
"category": "mitigation",
"details": "Schneider Electric has also released security notifications which contain further details and upgrade",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
]
}
]
},
{
"cve": "CVE-2016-10395",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "This vulnerability can be exploited to cause an out-of-bounds memory read access, which may allow remote code execution with system privileges.CVE-2016-10395 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10395"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Schneider Electric recommends that users of affected Citect and PlantStruxure products download and install the new version of the software",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
],
"url": "https://www.citect.schneider-electric.com/documents/downloads/Floating_License_Manager_v2.1.0.0.zip"
},
{
"category": "mitigation",
"details": "Users using EcoStruxure Modicon Builder V3.0 are recommended to download and use the new version (V3.1)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
],
"url": "https://partner.schneider-electric.com/partners/Menu/MyPartnership"
},
{
"category": "mitigation",
"details": "StructureWare 7.2.x users should upgrade to Version 7.2.2 and apply the floating licensing manager (FLM) patch",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
],
"url": "https://schneider-electric.box.com/s/n2fh1ym594pqvl87kf0zjsigamuryrje"
},
{
"category": "mitigation",
"details": "EcoStruxure/StruxureWare Power Monitoring Expert and Power SCADA Operations users need to upgrade to Version 8.2. ",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
],
"url": "https://schneider-electric.box.com/s/kkdikodcksjj1dznqy68ko0j28wct7vb"
},
{
"category": "mitigation",
"details": "Schneider Electric has also released security notifications which contain further details and upgrade",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
},
{
"category": "mitigation",
"details": "Schneider Electric has also released security notifications which contain further details and upgrade ",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
},
{
"category": "mitigation",
"details": "Schneider Electric has also released security notifications which contain further details and upgrade ",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
},
{
"category": "mitigation",
"details": "Schneider Electric has also released security notifications which contain further details and upgrade",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
]
}
]
},
{
"cve": "CVE-2017-5571",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "summary",
"text": "An open redirect vulnerability has been identified, which may allow remote attackers to redirect users to arbitrary websites for phishing attacks.CVE-2017-5571 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5571"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Schneider Electric recommends that users of affected Citect and PlantStruxure products download and install the new version of the software",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
],
"url": "https://www.citect.schneider-electric.com/documents/downloads/Floating_License_Manager_v2.1.0.0.zip"
},
{
"category": "mitigation",
"details": "Users using EcoStruxure Modicon Builder V3.0 are recommended to download and use the new version (V3.1)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
],
"url": "https://partner.schneider-electric.com/partners/Menu/MyPartnership"
},
{
"category": "mitigation",
"details": "StructureWare 7.2.x users should upgrade to Version 7.2.2 and apply the floating licensing manager (FLM) patch",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
],
"url": "https://schneider-electric.box.com/s/n2fh1ym594pqvl87kf0zjsigamuryrje"
},
{
"category": "mitigation",
"details": "EcoStruxure/StruxureWare Power Monitoring Expert and Power SCADA Operations users need to upgrade to Version 8.2. ",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
],
"url": "https://schneider-electric.box.com/s/kkdikodcksjj1dznqy68ko0j28wct7vb"
},
{
"category": "mitigation",
"details": "Schneider Electric has also released security notifications which contain further details and upgrade",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
},
{
"category": "mitigation",
"details": "Schneider Electric has also released security notifications which contain further details and upgrade ",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
},
{
"category": "mitigation",
"details": "Schneider Electric has also released security notifications which contain further details and upgrade ",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
},
{
"category": "mitigation",
"details": "Schneider Electric has also released security notifications which contain further details and upgrade",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012"
]
}
]
}
]
}
BDU:2017-01630
Vulnerability from fstec - Published: 15.06.2017
VLAI Severity ?
Title
Уязвимость программного средства управления лицензиями FlexNet Publisher, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость программного средства управления лицензиями FlexNet Publisher вызвана выходом операции за границы буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код с привилегиями системы
Severity ?
Vendor
Flexera Software
Software Name
FlexNet Publisher
Software Version
до Luton SP1 (11.14.1.1) (FlexNet Publisher)
Possible Mitigations
Использование рекомендации: https://secuniaresearch.flexerasoftware.com/advisories/76368/
Reference
https://secuniaresearch.flexerasoftware.com/advisories/76368/
CWE
CWE-119
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": null,
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Flexera Software",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e Luton SP1 (11.14.1.1) (FlexNet Publisher)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438: https://secuniaresearch.flexerasoftware.com/advisories/76368/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "15.06.2017",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "14.07.2017",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2017-01630",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2016-10395",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "FlexNet Publisher",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . 64-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . 32-bit, Apple Inc. MacOS X 32-bit, Microsoft Corp Windows - 64-bit, Microsoft Corp Windows - 32-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Unix . 64-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Unix . 32-bit, Apple Inc. MacOS X 64-bit",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043b\u0438\u0446\u0435\u043d\u0437\u0438\u044f\u043c\u0438 FlexNet Publisher, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043b\u0438\u0446\u0435\u043d\u0437\u0438\u044f\u043c\u0438 FlexNet Publisher \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://secuniaresearch.flexerasoftware.com/advisories/76368/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…