Executive Summary
Summary | |
---|---|
Title | Gesytec Easylon OPC Server fails to properly validate OPC server handles |
Informations | |||
---|---|---|---|
Name | VU#205073 | First vendor Publication | 2007-12-14 |
Vendor | VU-CERT | Last vendor Modification | 2008-01-10 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#205073Gesytec Easylon OPC Server fails to properly validate OPC server handlesOverviewThe Gesytec Easylon OPC Server contains a vulnerability that may allow a remote attacker to execute arbitary code or cause a denial-of-service condition.I. DescriptionOLE for Process Control (OPC) is a specification for a standard set of OLE COM objects used in the process control and manufacturing fields. OPC servers are often used in control systems to consolidate field and network device information.The Gesytec Easylon OPC Server fails to properly validate server handles. This vulnerability may be triggered by an attacker with access to the server's OPC interface. Restrict access to the server
References
This vulnerability was reported by NeutralBit. This document was written by Jeff Gennari and Ryan Giobbi.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/205073 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
42650 | Gesytec Easylon OPC Server OLE for Process Control (OPC) Unspecified Remote C... |