Details of VAR-201702-0301

ID

VAR-201702-0301

CVE

CVE-2016-8354

TITLE

Schneider Electric Unity PRO Remote code execution vulnerability

Trust: 1.4

sources: IVD: 3d0e9372-604f-483c-81b6-d6ca426de8cc // CNVD: CNVD-2016-10461 // CNVD: CNVD-2016-10617

DESCRIPTION

An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity project file can make the simulator execute malicious code by redirecting the control flow of these instructions. Unity Pro is a universal IEC61131-3 programming, debugging and runtime software package for Premium, Atrium and Quantum PLCs. A vulnerability could be exploited by a remote attacker to execute arbitrary code in the context of an application and could lead to a denial of service attack. Failed exploit attempts may result in a denial-of-service condition

Trust: 3.24

sources: NVD: CVE-2016-8354 // JVNDB: JVNDB-2016-007988 // CNVD: CNVD-2016-10461 // CNVD: CNVD-2016-10617 // BID: 93830 // IVD: 3d0e9372-604f-483c-81b6-d6ca426de8cc // VULHUB: VHN-97174

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.4

sources: IVD: 3d0e9372-604f-483c-81b6-d6ca426de8cc // CNVD: CNVD-2016-10461 // CNVD: CNVD-2016-10617

AFFECTED PRODUCTS

vendor:	schneider electric	model:	unity pro	scope:	lte	version:	11.0	Trust: 1.0
vendor:	schneider electric	model:	unity pro	scope:	lt	version:	11.1	Trust: 0.8
vendor:	schneider	model:	electric unity pro	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric unity pro	scope:	lt	version:	11.1	Trust: 0.6
vendor:	schneider electric	model:	unity pro	scope:	eq	version:	11.0	Trust: 0.6
vendor:	schneider electric	model:	unity pro	scope:	eq	version:	8	Trust: 0.3
vendor:	schneider electric	model:	unity pro	scope:	eq	version:	7.0	Trust: 0.3
vendor:	schneider electric	model:	unity pro	scope:	eq	version:	6.1	Trust: 0.3
vendor:	schneider electric	model:	unity pro	scope:	eq	version:	6.0	Trust: 0.3
vendor:	schneider electric	model:	unity pro	scope:	eq	version:	6	Trust: 0.3
vendor:	schneider electric	model:	unity pro	scope:	eq	version:	11	Trust: 0.3
vendor:	schneider electric	model:	unity pro	scope:	eq	version:	10	Trust: 0.3
vendor:	schneider electric	model:	unity pro	scope:	ne	version:	11.1	Trust: 0.3
vendor:	unity pro	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 3d0e9372-604f-483c-81b6-d6ca426de8cc // CNVD: CNVD-2016-10461 // CNVD: CNVD-2016-10617 // BID: 93830 // JVNDB: JVNDB-2016-007988 // CNNVD: CNNVD-201610-902 // NVD: CVE-2016-8354

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-8354
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-8354
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-10461
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2016-10617
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201610-902
value:	MEDIUM
Trust: 0.6
IVD:	3d0e9372-604f-483c-81b6-d6ca426de8cc
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-97174
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-8354
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-10461
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2016-10617
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	3d0e9372-604f-483c-81b6-d6ca426de8cc
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-97174
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-8354
baseSeverity:	HIGH
baseScore:	7.0
vectorString:	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.0
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: 3d0e9372-604f-483c-81b6-d6ca426de8cc // CNVD: CNVD-2016-10461 // CNVD: CNVD-2016-10617 // VULHUB: VHN-97174 // JVNDB: JVNDB-2016-007988 // CNNVD: CNNVD-201610-902 // NVD: CVE-2016-8354

PROBLEMTYPE DATA

problemtype:

CWE-94

Trust: 1.9

sources: VULHUB: VHN-97174 // JVNDB: JVNDB-2016-007988 // NVD: CVE-2016-8354

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-902

TYPE

Code injection

Trust: 0.8

sources: IVD: 3d0e9372-604f-483c-81b6-d6ca426de8cc // CNNVD: CNNVD-201610-902

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007988

PATCH

title:	SEVD-2016-288-01	url:	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-288-01	Trust: 0.8
title:	Patch for Schneider Electric Unity PRO Remote Code Execution Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/83328	Trust: 0.6
title:	Patch for Schneider Electric Unity Pro Remote Code Execution Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/83536	Trust: 0.6
title:	Schneider Electric Unity Pro Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65221	Trust: 0.6

sources: CNVD: CNVD-2016-10461 // CNVD: CNVD-2016-10617 // JVNDB: JVNDB-2016-007988 // CNNVD: CNNVD-201610-902

EXTERNAL IDS

db:	NVD	id:	CVE-2016-8354	Trust: 3.6
db:	ICS CERT	id:	ICSA-16-306-03	Trust: 3.4
db:	BID	id:	93830	Trust: 2.6
db:	CNNVD	id:	CNNVD-201610-902	Trust: 0.9
db:	CNVD	id:	CNVD-2016-10461	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-007988	Trust: 0.8
db:	CNVD	id:	CNVD-2016-10617	Trust: 0.6
db:	SCHNEIDER	id:	SEVD-2016-288-01	Trust: 0.3
db:	IVD	id:	3D0E9372-604F-483C-81B6-D6CA426DE8CC	Trust: 0.2
db:	VULHUB	id:	VHN-97174	Trust: 0.1

sources: IVD: 3d0e9372-604f-483c-81b6-d6ca426de8cc // CNVD: CNVD-2016-10461 // CNVD: CNVD-2016-10617 // VULHUB: VHN-97174 // BID: 93830 // JVNDB: JVNDB-2016-007988 // CNNVD: CNNVD-201610-902 // NVD: CVE-2016-8354

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-306-03	Trust: 3.4
url:	http://www.securityfocus.com/bid/93830	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8354	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8354	Trust: 0.8
url:	http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true	Trust: 0.3
url:	http://download.schneider-electric.com/files?p_reference=sevd-2016-288-01&p_endoctype=technical%20leaflet&p_file_id=4837908514&p_file_name=sevd-2016-288-01+unity+simulator.pdf	Trust: 0.3

sources: CNVD: CNVD-2016-10461 // CNVD: CNVD-2016-10617 // VULHUB: VHN-97174 // BID: 93830 // JVNDB: JVNDB-2016-007988 // CNNVD: CNNVD-201610-902 // NVD: CVE-2016-8354

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 93830

SOURCES

db:	IVD	id:	3d0e9372-604f-483c-81b6-d6ca426de8cc
db:	CNVD	id:	CNVD-2016-10461
db:	CNVD	id:	CNVD-2016-10617
db:	VULHUB	id:	VHN-97174
db:	BID	id:	93830
db:	JVNDB	id:	JVNDB-2016-007988
db:	CNNVD	id:	CNNVD-201610-902
db:	NVD	id:	CVE-2016-8354

LAST UPDATE DATE

2025-04-20T23:31:03.959000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-10461	date:	2016-11-01T00:00:00
db:	CNVD	id:	CNVD-2016-10617	date:	2016-11-04T00:00:00
db:	VULHUB	id:	VHN-97174	date:	2017-03-15T00:00:00
db:	BID	id:	93830	date:	2016-11-24T01:07:00
db:	JVNDB	id:	JVNDB-2016-007988	date:	2017-04-04T00:00:00
db:	CNNVD	id:	CNNVD-201610-902	date:	2016-11-02T00:00:00
db:	NVD	id:	CVE-2016-8354	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	3d0e9372-604f-483c-81b6-d6ca426de8cc	date:	2016-11-01T00:00:00
db:	CNVD	id:	CNVD-2016-10461	date:	2016-11-01T00:00:00
db:	CNVD	id:	CNVD-2016-10617	date:	2016-11-04T00:00:00
db:	VULHUB	id:	VHN-97174	date:	2017-02-13T00:00:00
db:	BID	id:	93830	date:	2016-10-14T00:00:00
db:	JVNDB	id:	JVNDB-2016-007988	date:	2017-04-04T00:00:00
db:	CNNVD	id:	CNNVD-201610-902	date:	2016-11-02T00:00:00
db:	NVD	id:	CVE-2016-8354	date:	2017-02-13T21:59:00.860