Executive Summary

Summary
Title IntelliCom NetBiter Config HICP hostname buffer overflow
Informations
Name VU#181737 First vendor Publication 2010-03-24
Vendor VU-CERT Last vendor Modification 2010-03-26
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#181737

IntelliCom NetBiter Config HICP hostname buffer overflow

Overview

The IntelliCom NetBiter Config HICP configuration utility has a buffer overflow vulnerability that can be triggered by a specially crafted hostname (hn) value. An attacker with network access could exploit this vulnerability to execute arbitrary code with the privileges of the user running NetBiter Config.

I. Description

IntelliCom NetBiter devices are based on HMS Anybus technology. The HMS HICP protocol (3250/udp) provides a way to configure network settings for NetBiter and possibly other Anybus-based devices. The NetBiter Config HICP configuration utility (NetbiterConfig.exe) has a buffer overflow vulnerability that can be triggered by a specially crafted hostname (hn) value. Further details are available in the original post by Rubén Santamarta.

II. Impact

An attacker with network access could exploit this vulnerability to execute arbitrary code with the privileges of the user running NetBiter Config.

III. Solution

Upgrade

This vulnerability is addressed in NetBiter Config version 1.3.1. Please see IntelliCom Security Bulletin ISFR-4404-0007.

Restrict access

Restrict access to SCADA, DCS, and other control system networks.

Systems Affected

VendorStatusDate NotifiedDate Updated
IntelliCom Innovation ABVulnerable2010-03-19

References


http://blog.48bits.com/?p=781
http://reversemode.com/index.php?option=com_content&task=view&id=65&Itemid=1
http://www.hms.se/products/prodindex.shtml
http://www.anybus.com/products/abxsstech.shtml
http://support.intellicom.se/news.cfm?NWID=33
http://support.intellicom.se/getfile.cfm?FID=150
http://www.securityfocus.com/bid/37328

Credit

This information was published by Rubén Santamarta.

This document was written by Art Manion.

Other Information

Date Public:2009-12-12
Date First Published:2010-03-24
Date Last Updated:2010-03-26
CERT Advisory: 
CVE-ID(s):CVE-2009-4462
NVD-ID(s):CVE-2009-4462
US-CERT Technical Alerts: 
Metric:0.48
Document Revision:19

Original Source

Url : http://www.kb.cert.org/vuls/id/181737

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
63325 Intellicom NetBiter webSCADA NetBiterConfig.exe hn Parameter Remote Overflow

IntelliCom NetBiterConfig utility version 1.3.0 and earlier are prone to an overflow condition. The NetBiterConfig utility fails to properly sanitize user-supplied input (e.g., a hostname of 0x60 bytes) resulting in a stack-based overflow. With a specially crafted HICP-protocol UDP packet., a remote attacker can potentially cause the affected application to crash or execute arbitrary code.
61018 Intellicom NetBiter Config NetbiterConfig.exe Device Hostname Remote Overflow

Snort® IPS/IDS

Date Description
2014-01-10 IntelliCom NetBiter config utility hostname overflow attempt
RuleID : 20052 - Revision : 5 - Type : PROTOCOL-SCADA