Executive Summary
Summary | |
---|---|
Title | GE Fanuc CIMPLICITY HMI heap buffer overflow |
Information | |||
---|---|---|---|
Name | VU#308556 | First vendor Publication | 2008-01-25 |
Vendor | VU-CERT | Last vendor Modification | 2008-01-25 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Vulnerability Note VU#308556
GE Fanuc CIMPLICITY HMI heap buffer overflow
Overview
GE Fanuc CIMPLICITY HMI contains a remotely accessible heap buffer overflow vulnerability which may allow a remote attacker to execute arbitrary code.
I. Description
GE Fanuc CIMPLICITY HMI is software used for monitoring and control in Supervisory Control And Data Acquisition (SCADA) systems. A heap buffer overflow vulnerability exists in a CIMPLICITY process (w32rtr.exe) that listens on the network (32000/tcp). The vulnerable process exists in both servers and clients. An attacker could exploit this vulnerability by sending a specially crafted packet to a vulnerable CIMPLICITY system.
Note that this vulnerability affects GE Fanuc CIMPLICITY HMI versions up to and including version 7.0.
References
This vulnerability was reported by Eyal Udassin of C4 Security. This document was written by Chris Taschner.
Original Source
Url : http://www.kb.cert.org/vuls/id/308556 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
40745 | CIMPLICITY w32rtr.exe Crafted IP Packet Overflow: A remote overflow exists in CIMPLICITY. CIMPLICITY fails to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted request, an attacker can cause remote code execution, resulting in a loss of confidentiality and/or integrity. |