Discover our Clipsal Smart Home packages as seen on the Block

in location

OR

I'm looking for

  • Wholesalers
    • Uncheck All Check All
  • EXPERTISE
    • Expand
    • Expand
    • Expand
    • Uncheck All Check All
  • Switchboard Manufacturers
    • Uncheck All Check All
OR

The best way to see what Clipsal electric products can do for your home is seeing them in action at a Clipsal Display Centre.

Product stock may vary according to location. If you're after a specific product range, please check with your chosen location before visiting.

10 Results
    Load More Load Complete
    Change Location

    Are StruxureWare DCE or NetBotz vulnerable to CVE-2017-7494 (Samba related vulnerability)?

     

    Issue:
     
    Are StruxureWare DCE or NetBotz vulnerable to CVE-2017-7494 (Samba related vulnerability)?
     
    Product Line:
     
    • StruxureWare Data Center Expert (DCE)
    • NetBotz
     
     
    Environment:
     
    • StruxureWare DCE v7.X
    • NetBotz (botzware) v4.X
     
    Cause:
     
    Schneider Electric has become aware of a critical vulnerability in the daemon that offers file sharing capabilities in Samba. Samba is a suite of tools that helps in the interoperability between UNIX with Microsoft Windows allowing Linux, Mac and FreeBSD users to set up and share folders on Windows computers using the server message block (SMB) protocol. Experts say the vulnerability can be exploited with just one line of code and has the potential to spread quickly. Samba versions 3.5 (released March 1, 2010) and onwards are impacted.
     
    The vulnerability allows an attacker to open a SMB share (TCP/445), upload a shared library to the writable share, and then cause the server to load and execute it.
     
    CVE ID: CVE-2017-7494: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7494
     
    Samba Disclosure: https://www.samba.org/samba/security/CVE-2017-7494.html
     
     
    Resolution:
     
    • NetBotz 4.X is not vulnerable to this issue because an unaffected version of Samba is used.
     
    • StruxureWare DCE v7.X runs on Linux but does not export SMB shares, so it is not vulnerable.  Since the Linux OS has samba packages installed that are necessary for client services, security scanners may continue to alert on the presence of CVE-2017-7494.  The next release of DCE v7.X available later in 2017 will include the latest patched libraries.
     
     
    Cyber Security is an important element of Schneider Electrics' commitment to software quality. Regular vulnerability assessment and further investigation is ongoing on other Schneider Electric platforms in addition to the above and will be detailed if discovered.
     

    Didn’t find what you were looking for?

    Try Searching Again View Our Categories

    Need further assistance?

    Our Customer Care department provides total customer service solutions for our residential, industrial and commercial applications.

    Get Assistance