Security Patch for SAUTER CASE Suite Building Automation Software Vulnerability
05 November 2018 / by Applied Risk (author) / Amsterdam
The SAUTER CASE Suite is building management software used for project engineering and control functions of building management systems in both office and industrial environments. The application suffers from an XML External Entity (XXE) vulnerability, which can be used to cause a Denial of Service (DoS) condition via a specially crafted XML file.
This vulnerability is classified as high risk, with a CVSS (Common Vulnerability Scoring System) score of 8.6. Applied Risk worked alongside SAUTER in the responsible disclosure process, with the vendor releasing a patch within 10 days of disclosure by ICS-CERT on October 15th. Organisations using the SAUTER CASE Suite building automation software are advised to update to the latest version.
The updates are available via the following link: https://www.sauter-controls.com/en/products-sauter/product-details/pdm/gzs-100-150-case-suite.html
To read an overview of the SAUTER CASE Suite advisory, please visit: https://applied-risk.com/application/files/7715/4115/4554/Sauter_Case_Suite_XXE_OOB_Vulnerability.pdf