Executive Summary

Summary
Title: GE Fanuc CIMPLICITY HMI heap buffer overflow

Information
Name: VU#308556
First vendor publication: 2008-01-25
Vendor: VU-CERT
Last vendor modification: 2008-01-25
Severity (vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: N/A
Base score: N/A
Environmental score: N/A
Impact subscore: N/A
Temporal score: N/A
Exploitability subscore: N/A

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS base score: 10
CVSS impact score: 10
CVSS exploit score: 10
Attack range: Network
Attack complexity: Low
Authentication: None required

Detail

Vulnerability Note VU#308556

GE Fanuc CIMPLICITY HMI heap buffer overflow

Overview

GE Fanuc CIMPLICITY HMI contains a remotely accessible heap buffer overflow vulnerability which may allow a remote attacker to execute arbitrary code.

I. Description

GE Fanuc CIMPLICITY HMI is software used for monitoring and control in Supervisory Control And Data Acquisition (SCADA) systems. A heap buffer overflow vulnerability exists in a CIMPLICITY process (w32rtr.exe) that listens on the network (32000/tcp). The vulnerable process exists in both servers and clients. An attacker could exploit this vulnerability by sending a specially crafted packet to a vulnerable CIMPLICITY system.

Note that this vulnerability affects GE Fanuc CIMPLICITY HMI versions up to and including version 7.0.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial of service.

III. Solution

Apply Patch

This vulnerability is addressed in CIMPLICITY 6.1 SP6 Hot fix - 010708_162517_6106 and CIMPLICITY 7.0 SIM 9. CIMPLICITY customers should refer to GE Fanuc knowledge base article KB12458 for more information.

Upgrade

Users of affected software with versions older than 6.1 are encouraged to upgrade to 6.1 or greater and then apply the patches described above. CIMPLICITY customers should refer to GE Fanuc knowledge base article KB12458 for more information.

Restrict Access

Restrict network access to hosts that require connections to CIMPLICITY. Do not allow access to CIMPLICITY from untrusted networks such as the internet.
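The restrict-access guidance above can be checked against firewall logs rather than taken on trust. The following Python script is an added example, not part of the CERT note or of any GE Fanuc tooling: it assumes a hypothetical log line format and hypothetical trusted-network ranges (the constructed values below stand in for a site's real control-network segments), parses the lines, and reports every allowed tcp/32000 connection to a CIMPLICITY host whose source lies outside the allowlist.

```python
import ipaddress
import re

# Port the vulnerable CIMPLICITY process (w32rtr.exe) listens on, per the advisory.
CIMPLICITY_PORT = 32000

# Hypothetical allowlist (assumption): the only networks permitted to reach
# CIMPLICITY hosts. Replace with the real control-network ranges at a site.
TRUSTED_NETWORKS = [
    ipaddress.ip_network("10.10.0.0/16"),     # assumed SCADA/HMI control network
    ipaddress.ip_network("192.168.50.0/24"),  # assumed engineering workstation segment
]

# Constructed sample firewall log (not from any real device). Field layout is
# assumed: "<timestamp> <ALLOW|DENY> src=<ip>:<port> dst=<ip>:<port> proto=<proto>".
SAMPLE_LOG = """\
2008-01-26T10:00:01 ALLOW src=10.10.4.21:51234 dst=10.10.1.5:32000 proto=tcp
2008-01-26T10:00:07 ALLOW src=203.0.113.77:40000 dst=10.10.1.5:32000 proto=tcp
2008-01-26T10:00:09 ALLOW src=192.168.50.9:50001 dst=10.10.1.6:32000 proto=tcp
2008-01-26T10:00:12 ALLOW src=198.51.100.3:44444 dst=10.10.1.5:80 proto=tcp
2008-01-26T10:00:15 DENY src=198.51.100.8:44445 dst=10.10.1.5:32000 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+"
    r"src=(?P<src>[\d.]+):\d+\s+dst=(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"proto=(?P<proto>\w+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": m["ts"],
        "action": m["action"],
        "src": ipaddress.ip_address(m["src"]),
        "dst": ipaddress.ip_address(m["dst"]),
        "dport": int(m["dport"]),
        "proto": m["proto"].lower(),
    }


def is_trusted(addr, networks=TRUSTED_NETWORKS):
    """True if the address (string or ip_address) falls inside any allowlisted network."""
    addr = ipaddress.ip_address(addr)
    return any(addr in net for net in networks)


def find_untrusted_cimplicity_access(lines, networks=TRUSTED_NETWORKS):
    """Return (timestamp, src, dst) for each ALLOWed tcp/32000 connection from an
    untrusted source. Denied connections and other ports are ignored."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines in an unexpected format
        if rec["action"] != "ALLOW" or rec["proto"] != "tcp":
            continue
        if rec["dport"] != CIMPLICITY_PORT:
            continue
        if not is_trusted(rec["src"], networks):
            findings.append((rec["ts"], str(rec["src"]), str(rec["dst"])))
    return findings


if __name__ == "__main__":
    for ts, src, dst in find_untrusted_cimplicity_access(SAMPLE_LOG.splitlines()):
        print(f"{ts}: untrusted source {src} reached tcp/{CIMPLICITY_PORT} on {dst}")
```

On the constructed log the script reports only the connection from 203.0.113.77: the port-80 line is not CIMPLICITY traffic and the final line was already denied. A finding means the firewall policy is not actually enforcing the "trusted hosts only" rule the advisory recommends.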

Systems Affected

Vendor: GE Fanuc
Status: Vulnerable
Date updated: 24-Jan-2008

References

http://www.securityfocus.com/archive/1/487076/30/0/threaded
http://support.gefanuc.com/support/index?page=kbchannel&id=KB12458
http://www.gefanuc.com/as_en/gefanuc/resource_center/hmi_scada/hmiscada_security.html

Credit

This vulnerability was reported by Eyal Udassin of C4 Security.

This document was written by Chris Taschner.

Other Information

Date public: 01/24/2008
Date first published: 01/25/2008 03:30:28 PM
Date last updated: 01/25/2008
CERT advisory:
CVE name: CVE-2008-0176
US-CERT technical alerts:
Metric: 3.01
Document revision: 32

Original Source

URL: http://www.kb.cert.org/vuls/id/308556

CWE : Common Weakness Enumeration

Id: CWE-119 (100 %)
Name: Failure to Constrain Operations within the Bounds of a Memory Buffer

Open Source Vulnerability Database (OSVDB)

Id: 40745
Description: CIMPLICITY w32rtr.exe Crafted IP Packet Overflow

A remote overflow exists in CIMPLICITY. CIMPLICITY fails to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted request, an attacker can cause remote code execution, resulting in a loss of confidentiality and/or integrity.