Today the DHS ICS-CERT published yet another advisory for a vulnerability in a product from Schneider Electric. This one is for a buffer overflow vulnerability in the OPC Factory Server (OFS). The vulnerability was reported by Wei Gao, formerly of IXIA. Schneider has produced an update that mitigates the vulnerability, and Wei Gao has verified the efficacy of the patch. Interestingly, the Schneider-published advisory does not mention Wei Gao.
ICS-CERT reports that a relatively low-skilled attacker could remotely exploit this ActiveX-based vulnerability to execute a denial-of-service attack by causing the device to reboot.
Schneider reports that the patch includes a patched version of the OLE2T macro from Microsoft. This is also noted in the ICS-CERT advisory. I wonder what other programs are using the vulnerable version of OLE2T?