Technical FAQs

Ask a Question

Are StruxureWare DCE or NetBotz vulnerable to CVE-2017-7494 (Samba related vulnerability)?

 

Issue:
 
Are StruxureWare DCE or NetBotz vulnerable to CVE-2017-7494 (Samba related vulnerability)?
 
Product Line:
 
  • StruxureWare Data Center Expert (DCE)
  • NetBotz
 
 
Environment:
 
  • StruxureWare DCE v7.X
  • NetBotz (botzware) v4.X
 
Cause:
 
Schneider Electric has become aware of a critical vulnerability in the daemon that offers file sharing capabilities in Samba. Samba is a suite of tools that helps in the interoperability between UNIX with Microsoft Windows allowing Linux, Mac and FreeBSD users to set up and share folders on Windows computers using the server message block (SMB) protocol. Experts say the vulnerability can be exploited with just one line of code and has the potential to spread quickly. Samba versions 3.5 (released March 1, 2010) and onwards are impacted.
 
The vulnerability allows an attacker to open a SMB share (TCP/445), upload a shared library to the writable share, and then cause the server to load and execute it.
 
CVE ID: CVE-2017-7494: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7494
 
Samba Disclosure: https://www.samba.org/samba/security/CVE-2017-7494.html
 
 
Resolution:
 
  • NetBotz 4.X is not vulnerable to this issue because an unaffected version of Samba is used.
 
  • StruxureWare DCE v7.X runs on Linux but does not export SMB shares, so it is not vulnerable.  Since the Linux OS has samba packages installed that are necessary for client services, security scanners may continue to alert on the presence of CVE-2017-7494.  The next release of DCE v7.X available later in 2017 will include the latest patched libraries.
 
 
Cyber Security is an important element of Schneider Electrics' commitment to software quality. Regular vulnerability assessment and further investigation is ongoing on other Schneider Electric platforms in addition to the above and will be detailed if discovered.
 
Was this helpful?
What can we do to improve the information ?