Schneider Electric Zelio Soft2 remote code execution vulnerability

Summary

Schneider Electric Zelio Soft is a logic controller programming software of Schneider Electric.

Schneider Electric Zelio Soft2 has a remote code execution vulnerability that can be exploited by attackers to execute arbitrary code remotely, perform unauthorized operations, cause denial of service conditions, and retrieve sensitive information.


Solution

At present, the manufacturer has issued an update patch to fix the vulnerability, and the patch gets the link:

https://www.schneider-electric.com/en/download/document/ZelioSoft2_V5_3/