ICS-CERT Updates Schneider Advisory from Last Week

Today the DHS ICS-CERT updated last week’s advisory for a stack-based buffer overflow vulnerability in the Modbus Serial Driver in a variety of Schneider products. The update corrects the version number of the vulnerable OPC Factory Servers. It also removes the incorrect statement about Schneider not planning on updating other versions and replaces it with:

“Asset owners concerned about the Modbus Serial Driver used for those applications, please contact Schneider Electric Technical Support at:

http://www2.schneider-electric.com/sites/corporate/en/products-services/services/field-services/services-by-business-activity/automation/lifecycle/technical-support.page.”