Register
 (photo: )
05.11.2018, 16:12

Security Patch for SAUTER CASE Suite Building Automation Software Vulnerability

Company News, Automation, Robotics & Artificial Intelligence (AI), Americas, Technology, Automation & Robotics, ICT
Applied Risk researcher, Gjoko Krstic, has identified a security vulnerability in the SAUTER CASE Suite, a software package used to handle building automation projects with energy-efficient strategies and methods. The impact of this vulnerability is that an unauthenticated user can craft a malicious XML data file that allows them to access sensitive information or configuration files, potentially impacting the availability of the affected application.

 

The SAUTER Case Suite is a building management software that is used for project engineering and control functions of building management systems within both office and industrial environments. The application suffers from an XML External Entity (XXE) vulnerability, which can be used to cause a Denial of Service (DoS) condition via a specially crafted XML file.

 

This vulnerability is classified as high risk and has therefore been given a CVSS (Common Vulnerability Scoring System) of 8.6. Applied Risk has worked alongside SAUTER in the responsible disclosure process, with the vendor releasing a patch within 10 days of disclosure by ICS-CERT on October 15th. It is recommended to organisations utilising the SAUTER CASE Suite building automation software to update to the latest version.

The updates are available via the following link: https://www.sauter-controls.com/en/products-sauter/product-details/pdm/gzs-100-150-case-suite.html

To read an overview of the SAUTER CASE Suite advisory, please visit: https://applied-risk.com/application/files/7715/4115/4554/Sauter_Case_Suite_XXE_OOB_Vulnerability.pdf 




Applied Risk

About Applied Risk

Applied Risk is an established leader in Industrial Control Systems security that helps to protect assets and reduce security risk. They do this by providing organisations ranging from Fortune 500 enterprises to small-to-medium sized businesses with the services and solutions they need to transform the way they procure, build, integrate and manage their critical infrastructures. Established in 2012, Applied Risk has quickly grown to become a major cybersecurity player within the Industrial Automation and Process Control Domain. To learn more, visit www.applied-risk.com.

Article rating:

vote data

 (photo: Rentokil Initial plc)
News Editor  - 01.03.2018, 08:30

Strong Growth from Rentokil Initial

FTSE 100 business services group Rentokil Initial has announced revenue growth of 14.5 per cent and on-going operating profits of 14.8 per cent in preliminary results for the year ended 31 December...

(Photograph courtesy of Tookapic). (photo: )
Marissa Francis  - 05.03.2018, 17:13

The Definition of 'Clever'

Marissa Francis, Heating Ventilation and Air Conditioning (HVAC) Improver with ABM UK, explains why university isn't the only route into facilities management.

New chargepoint installation at Southampton Airport. (photo: Southampton Airport)
AGS Airports  - 26.03.2018, 11:30

Southampton Airport Adds EV Chargepoints

Southampton Airport is helping power the growing number of electric vehicle (EV) drivers on UK roads with the installation of seven new Pod Point 7kW chargepoints in its short stay and priority...

(Photograph courtesy of Tookapic). (photo: )
Marissa Francis  - 05.03.2018, 17:13

The Definition of 'Clever'

Marissa Francis, Heating Ventilation and Air Conditioning (HVAC) Improver with ABM UK, explains why university isn't the only route into facilities management.

New chargepoint installation at Southampton Airport. (photo: Southampton Airport)
AGS Airports  - 26.03.2018, 11:30

Southampton Airport Adds EV Chargepoints

Southampton Airport is helping power the growing number of electric vehicle (EV) drivers on UK roads with the installation of seven new Pod Point 7kW chargepoints in its short stay and priority...

 (photo: )
Delta Security  - 16.11.2018, 08:43

Securing a Commercial Property in Hackney

Delta Security has installed new steel, fire-rated security doors and an access control system designed to combat a series of break-ins at a commercial property managed by Property Initiatives...