Vulnerability question DCE 7.7

EcoStruxure IT forum

A support forum for Data Center Operation, Data Center Expert, and EcoStruxure IT product users to share knowledge on installation, configuration, and general product use.

Solved
DCIM_Support

This question was originally posted on DCIM Support by Cees de Vogel on 2019-07-18


Hi team,

Customer had the following question:

This vulnerability was identified because (1) jQuery 1.11.1 has reached its end-of-life and is no longer supported by the vendor, consider upgrading to a newer supported version

OpenSSH: Brute-Force Authentication Protection Bypass Vulnerability

OpenSSH: Untrusted Search Path Vulnerability

OpenSSH: Shared Memory Manager Privilege Escalation Vulnerability

OpenSSH: Password Length Limitation Denial of Service Vulnerability

OpenSSH: Security Bypass Vulnerability

The above is solved in OpenSSH version 7.9p1 or higher.

What version do we have in DCE 7.7?

(CID:147196454)


Accepted Solutions
DCIM_Support

Re: Vulnerability question DCE 7.7

This answer was originally posted on DCIM Support by Jackie Lehr on 2019-07-22


Hi Cees de Vogel,

Security scan results are listed here: https://sxwhelpcenter.ecostruxureit.com/display/UADCE725/Security+fixes+in+StruxureWare+Data+Center+...

CVE-2015-5600 and CVE-2016-1908 are included, the others are not. Engineering will have to search prior scan results to give you a definite answer.

Best,

Jackie

(CID:147197147)

7 Replies
DCIM_Support

Re: Vulnerability question DCE 7.7

This answer was originally posted on DCIM Support by Steven Marchetti on 2019-07-18


Hi Cees,

When I queried sshd in DCE 7.7.0, it returned:

OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013

Can you please provide a link to a web site or CVE showing the reported vulnerability to which you are referring?

Thanks,

Steve

(CID:147196560)

DCIM_Support

Re: Vulnerability question DCE 7.7

This comment was originally posted on DCIM Support by Cees de Vogel on 2019-07-22


Hi Steve, 

Here is the requested CVE information:

OpenSSH: Brute-Force Authentication Protection Bypass Vulnerability
CVE-2015-5600

OpenSSH: Untrusted Search Path Vulnerability
CVE-2016-10009

OpenSSH: Shared Memory Manager Privilege Escalation Vulnerability
CVE-2016-10012

OpenSSH: Password Length Limitation Denial of Service Vulnerability
CVE-2016-6515

OpenSSH: Security Bypass Vulnerability
CVE-2016-1908

BR

Cees

(CID:147196997)

DCIM_Support

Re: Vulnerability question DCE 7.7

This comment was originally posted on DCIM Support by Steven Marchetti on 2019-07-22


Thanks...I'll see if I can find anything from the engineering teams.

Steve

(CID:147197142)

DCIM_Support

Re: Vulnerability question DCE 7.7

This comment was originally posted on DCIM Support by Cees de Vogel on 2019-07-22


Hi Steve,

Thanks for your response; see also Jackie's answer.

BR

Cees

(CID:147197160)

DCIM_Support

Re: Vulnerability question DCE 7.7

This comment was originally posted on DCIM Support by Cees de Vogel on 2019-07-22


Hi Jackie,

Thanks a lot

BR Cees

(CID:147197159)
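
Added example, not part of the original thread or any Schneider Electric tooling: a Python triage helper that parses the sshd version string quoted by Steve, compares it with the fixed-in version the scanner reported, and marks each reported CVE according to Jackie's answer. The function names and status labels are hypothetical; because a version string alone cannot show vendor-backported fixes, findings on an older version are checked against the vendor's list instead of being declared vulnerable.

```python
import re

# Matches the version token in sshd / `ssh -V` output, e.g. "OpenSSH_5.3p1".
_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?")


def parse_openssh_version(banner):
    """Return (major, minor, patch, portable) from a banner, or None."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return None
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def triage(banner, fixed_in, findings, vendor_listed):
    """Classify each scanner finding for follow-up (labels are hypothetical).

    banner        -- version string returned by sshd on the appliance
    fixed_in      -- version the scanner says resolves the findings
    findings      -- CVE ids the scanner reported
    vendor_listed -- CVE ids the vendor's security-fix list covers
    """
    installed = parse_openssh_version(banner)
    threshold = parse_openssh_version("OpenSSH_" + fixed_in)
    if installed is None or threshold is None:
        raise ValueError("unparseable OpenSSH version")
    result = {}
    for cve in findings:
        if installed >= threshold:
            result[cve] = "fixed-by-version"
        elif cve in vendor_listed:
            # Older version string, but the vendor's fix list includes it.
            result[cve] = "vendor-listed"
        else:
            result[cve] = "needs-vendor-answer"
    return result


# Values quoted from the thread above.
BANNER = "OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013"
FINDINGS = ["CVE-2015-5600", "CVE-2016-10009", "CVE-2016-10012",
            "CVE-2016-6515", "CVE-2016-1908"]
VENDOR_LISTED = {"CVE-2015-5600", "CVE-2016-1908"}

if __name__ == "__main__":
    for cve, status in triage(BANNER, "7.9p1", FINDINGS, VENDOR_LISTED).items():
        print(cve, status)
```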

🔒 Closed

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.