
    Are StruxureWare DCE or NetBotz products vulnerable to Stack Clash (CVE-2017-1000364 and related IDs)?

     

    Issue:
     
    Are StruxureWare DCE or NetBotz vulnerable to "Stack Clash" (CVE-2017-1000364 and related IDs)? 
     
    Product Line:
     
    • StruxureWare Data Center Expert (DCE)
    • NetBotz
     
     
    Environment:
     
    • StruxureWare DCE v7.X
    • NetBotz (botzware) v4.X
     
    Cause:
     
    Schneider Electric has become aware of a vulnerability in the memory management of several operating systems referred to as the Stack Clash. It affects Linux, OpenBSD, NetBSD, FreeBSD and Solaris, on i386 and amd64. Qualys researchers discovered this vulnerability and developed seven exploits and seven proofs of concept for this weakness, then worked closely with vendors to develop patches.
     
    Qualys blog: https://blog.qualys.com/securitylabs/2017/06/19/the-stack-clash 

    Primary CVE ID: CVE-2017-1000364 | Related CVE IDs: CVE-2017-1000365, CVE-2017-1000367
     
     
    Resolution:
     
    • NetBotz 4.X is not vulnerable to this issue because NetBotz doesn’t use glibc and it also doesn’t use a kernel that is vulnerable.
     
    • StruxureWare DCE v7.X is “vulnerable”, as it would show in security scans. However, to exploit the vulnerability, an individual needs local system access, and DCE does not provide local unprivileged user shell access. This means there is nothing to exploit. Because affected packages are installed as part of the underlying Linux OS, security scanners may continue to alert on the presence of the associated CVE IDs. The next release of DCE v7.X, available later in 2017, will include the latest patched libraries.

    Cyber security is an important element of Schneider Electric's commitment to software quality. Regular vulnerability assessment and further investigation are ongoing on other Schneider Electric platforms in addition to the above, and findings will be detailed if discovered.
     
