PT-2016-3716 · Schneider Electric · Landac Ii-2 Rtus+6

David Formby

Published

2016-03-12

Updated

2018-10-30

CVE-2015-6485

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Schneider Electric Telvent Sage 2300 RTUs versions prior to C3413-500-S01 Schneider Electric LANDAC II-2 RTUs versions prior to C3414-500-S02J2 Schneider Electric Sage 1410 RTUs versions prior to C3414-500-S02J2 Schneider Electric Sage 1430 RTUs versions prior to C3414-500-S02J2 Schneider Electric Sage 1450 RTUs versions prior to C3414-500-S02J2 Schneider Electric Sage 2400 RTUs versions prior to C3414-500-S02J2 Schneider Electric Sage 3030M RTUs versions prior to C3414-500-S02J2

Description The issue allows remote attackers to obtain sensitive information from device memory by reading a padding field of an Ethernet packet.

Recommendations For Schneider Electric Telvent Sage 2300 RTUs versions prior to C3413-500-S01, update to firmware C3413-500-S01 or later. For Schneider Electric LANDAC II-2, Sage 1410, Sage 1430, Sage 1450, Sage 2400, and Sage 3030M RTUs versions prior to C3414-500-S02J2, update to firmware C3414-500-S02J2 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2015-6485

Affected Products

Landac Ii-2 Rtus

Sage 1410 Rtus

Sage 1430 Rtus

Sage 1450 Rtus

Sage 2400 Rtus

Sage 3030M Rtus

Telvent Sage 2300 Rtus

PT-2016-3716 · Schneider Electric · Landac Ii-2 Rtus+6

CVE-2015-6485

Weakness Enumeration

Related Identifiers

Affected Products

References · 2