DCO vulnerable to CVE-2017-12149

EcoStruxure IT forum

A support forum for Data Center Operation, Data Center Expert, and EcoStruxure IT product users to share knowledge on installation, configuration, and general product use.

This question was originally posted on DCIM Support by Garry Priestland on 2018-09-06


One of our customers has run a security scan over DCO v7.4.5 and it has highlighted this vulnerability.

https://www.tenable.com/plugins/nessus/109321

https://access.redhat.com/security/cve/cve-2017-12149

I can't find any reference to this in any version of DCO.

My initial advice would be to upgrade, assuming they are entitled to it, but I can't tell if the latest version of DCO will also have the same vulnerability. Can you please advise if DCO 8.5.0 has this issue or not?

Regards


Re: DCO vulnerable to CVE-2017-12149

This comment was originally posted on DCIM Support by Greg Sterling on 2018-09-06


Hello Garry. I'm hoping a representative from engineering will confirm my statement below.

DCO 7.4.5 is a very old revision of DCO. The DCO 7.x versions ran on a Debian Linux platform and used an older JBoss platform which may have shown the vulnerability based on its description.

The current released version of DCO is version 8.2.7. This version is based on CentOS 7, and uses the WildFly version of JBoss, which is a much newer platform than the JBoss 5.x mentioned in the CVE. Based on what I read in the CVE description, I do not believe it's applicable to the WildFly releases we include with current DCO releases.

Regards

Greg Sterling
