Search FAQs

Is StruxureWare DCE or NetBotz vulnerable to CVE-2017-7494 (Samba related vulnerability)?

Issue:
Are StruxureWare DCE or NetBotz vulnerable to CVE-2017-7494 (Samba related vulnerability)?

Product Line
StruxureWare Data Center Expert (DCE)

- Basic Appliance (AP9465)
- Standard Appliance (AP9470)
- Enterprise Appliance (AP9475)
- Virtual Appliance (AP94VMACT)

StruxureWare Central (SWC)
InfraStruXure Central (ISXC)

Environment
StruxureWare Data Center Expert (all versions)
StruxureWare Central (all versions)
InfraStruXure Central (all versions)

Cause:
Schneider Electric has become aware of a critical vulnerability in the daemon that offers file sharing capabilities in Samba. Samba is a suite of tools that helps in the interoperability between UNIX with Microsoft Windows allowing Linux, Mac and FreeBSD users to set up and share folders on Windows computers using the server message block (SMB) protocol. Experts say the vulnerability can be exploited with just one line of code and has the potential to spread quickly. Samba versions 3.5 (released March 1, 2010) and onwards are impacted.

The vulnerability allows an attacker to open a SMB share (TCP/445), upload a shared library to the writable share, and then cause the server to load and execute it.

CVE ID: CVE-2017-7494: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7494

Samba Disclosure: https://www.samba.org/samba/security/CVE-2017-7494.html

Resolution:

NetBotz 4.X is not vulnerable to this issue because an unaffected version of Samba is used.

StruxureWare DCE v7.X runs on Linux but does not export SMB shares, so it is not vulnerable. Since the Linux OS has samba packages installed that are necessary for client services, security scanners may continue to alert on the presence of CVE-2017-7494. The next release of DCE v7.X available later in 2017 will include the latest patched libraries.

Cyber Security is an important element of Schneider Electrics' commitment to software quality. Regular vulnerability assessment and further investigation is ongoing on other Schneider Electric platforms in addition to the above and will be detailed if discovered.

Released for:APC Romania

Published on:6/9/2017Last Modified on:9/29/2021

Need help?

Support Center

Obtain answers on your own by trying our digital support tools.

Search FAQs

Get answers you need by browsing topic-related Frequently Asked Questions (FAQ).

How to buy?

Easily find the nearest APC Reseller or Distributor in your location.

Find your replacement battery

Find the genuine APC Replacement Battery for your UPS.

Contact Us

Connect with us for help choosing the right product or with troubleshooting and installation.