Knowledge Base
cancel
Showing results for 
Search instead for 
Did you mean: 

I/A Series G3 Security Alert: Security Patch Released for 3.5 and 3.6

Issue

I/A Series G3 Security Alert

Security Patch Released for 3.5 and 3.6 to remove a directory traversal vulnerability allowing a user with a valid user account or guest privileges to escalate his or her privileges on a NiagaraAX based system.

Product Line

TAC IA Series

Environment

IA Series G3 - Versions 3.5.xx and 3.6.xx

Cause

The patch addresses a new vulnerability that was publicly disclosed in January 2013 at a security analyst conference by two security researchers – Billy Rios and Terry McCorkle. The patch removes a directory traversal vulnerability allowing a user with a valid user account or guest privileges to escalate his or her privileges on a NiagaraAX based system.

Resolution

Schneider Electric strongly recommends all customers apply the security patch to any existing 3.5 or 3.6 systems to correct this vulnerability.

Customers with systems running a version of I/A Series G3 released prior to 3.5 should purchase an upgrade to the latest version of the Niagara Framework software in order to take advantage of the latest security improvements. Download and review TPA-IA-13-0003.00 Technical Product Advisory that details the vulnerabilities and security patch installation instructions.

Security patches are available for download from The EcoBuilding Download Center: Security Patches.

Note: The patch does not affect any standard Niagara configuration or functionality. The only impact of the change is to remove the vulnerability.

Tags (1)
Labels (1)
No ratings
Version history
Revision #:
3 of 3
Last update:
Friday
Updated by: