Executive Summary
Summary | |
---|---|
Title | AREVA e-terrahabitat SCADA systems vulnerabilities |
Information | |||
---|---|---|---|
Name | VU#337569 | First vendor Publication | 2009-02-05 |
Vendor | VU-CERT | Last vendor Modification | 2009-02-17 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Subscore | NA | Temporal Score | NA |
Exploitability Subscore | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Vulnerability Note VU#337569
AREVA e-terrahabitat SCADA systems vulnerabilities
Overview
AREVA e-terrahabitat contains multiple vulnerabilities.
I. Description
AREVA e-terrahabitat is a core component of the Energy Management system that provides real-time data and process management services. e-terrahabitat contains vulnerabilities, including a buffer overflow. For more information on these issues AREVA customers should review the following issues in AREVA T&D Security Bulletin - ATD-08-002:
II. Impact
An unauthenticated attacker may be able to gain access with the privileges of the e-terrahabitat account or an administrator account and execute arbitrary commands, or cause a vulnerable system to crash.
III. Solution
Apply Patch
Users of e-terrahabitat version 5.5, 5.6, and 5.7 should apply the e-terrahabitat_560_P20081030_SEC patch immediately.
Limit network access to hosts that require connections to the portal. Do not allow access to the portal from untrusted networks such as the internet.
Systems Affected
References
This vulnerability was reported in AREVA T&D Security Bulletin - ATD-08-002. AREVA credits Eyal Udassin and Jonathan Afek of C4, Idaho National Labs, and Department of Homeland Security Control Systems Security Program (DHS CSSP) with discovering and verifying these issues. This document was written by Chris Taschner.
Original Source
Url : http://www.kb.cert.org/vuls/id/337569 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 2 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
54270 | AREVA e-terrahabitat WebFGServer Application Unspecified Remote Privilege Esc... |
54269 | AREVA e-terrahabitat NETIO Application Unspecified Remote DoS |
54268 | AREVA e-terrahabitat WebFGServer Application Unspecified Remote DoS (PD32020) |
54267 | AREVA e-terrahabitat WebFGServer Application Unspecified Remote DoS (PD32018) |
54266 | AREVA e-terrahabitat MLF Application Unspecified Remote Overflow |