Executive Summary
Summary | |
---|---|
Title | Citect CitectSCADA ODBC service buffer overflow |
Information | |||
---|---|---|---|
Name | VU#476345 | First vendor Publication | 2008-06-11 |
Vendor | VU-CERT | Last vendor Modification | 2008-09-10 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.6 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | High |
Cvss Exploit Score | 4.9 | Authentication | None Required |
Detail
Vulnerability Note VU#476345

Citect CitectSCADA ODBC service buffer overflow

Overview

Citect CitectSCADA contains a remotely accessible buffer overflow vulnerability which may allow a remote attacker to execute arbitrary code.

I. Description

Citect CitectSCADA is software used for monitoring and control in Supervisory Control And Data Acquisition (SCADA) systems. A buffer overflow vulnerability exists in the CitectSCADA ODBC service. The ODBC Server listens on the network (20222/tcp) for service requests from clients. An attacker could exploit this vulnerability by sending specially crafted packets to a vulnerable CitectSCADA system. According to Core Security Technologies Advisory:

Due to a lack of a proper length checking of the read data, a memory copy operation that uses as destination a buffer of fixed size allocated in the stack can be overflowed allowing an un-authenticated attacker to execute arbitrary code on vulnerable systems.

Note that this vulnerability affects versions of Citect CitectSCADA and CitectFacilities. Exploit code for this vulnerability is publicly available.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial of service.

III. Solution

Apply a patch

Supported Citect customers should contact Citect to receive a patch. For more information on contacting Citect visit http://www.citect.com/index.php?option=com_content&task=view&id=26&Itemid=29.
Systems Affected
References
Thanks to Ivan Arce at Core Securities for information that was used in this report. This document was written by Chris Taschner.
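
The flaw class quoted under I. Description, as an added example that is not part of the advisory and not Citect's code: a request handler that checks a network-supplied length before copying into a fixed-size stack buffer, next to the unchecked pattern. The 4-byte length-prefixed framing, the 256-byte buffer and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REQ_BUF_SIZE 256 /* assumed size of the fixed stack buffer */

/* Assumed framing (not Citect's wire format): 4-byte big-endian payload
 * length followed by the payload bytes. */
static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Flawed pattern: the declared length is trusted, so memcpy can write past
 * the end of buf. Shown for contrast only; never called here. */
int handle_request_unchecked(const uint8_t *pkt, size_t pkt_len) {
    uint8_t buf[REQ_BUF_SIZE];
    if (pkt_len < 4) return -1;
    uint32_t n = read_be32(pkt);
    memcpy(buf, pkt + 4, n); /* n is never compared with sizeof buf */
    return 0;
}

/* Hardened form: returns the payload length, or -1 if the frame is rejected. */
int handle_request_checked(const uint8_t *pkt, size_t pkt_len) {
    uint8_t buf[REQ_BUF_SIZE];
    if (pkt == NULL || pkt_len < 4) return -1; /* header incomplete */
    uint32_t n = read_be32(pkt);
    if (n > sizeof buf) return -1;             /* would overflow buf */
    if (n > pkt_len - 4) return -1;            /* more than was received */
    memcpy(buf, pkt + 4, n);
    return (int)n;
}

int main(void) {
    /* Constructed frames: one valid, one declaring 4096 bytes. */
    const uint8_t ok[] = {0, 0, 0, 3, 'a', 'b', 'c'};
    const uint8_t big[] = {0, 0, 0x10, 0, 1, 2, 3, 4};
    printf("ok=%d big=%d\n", handle_request_checked(ok, sizeof ok),
           handle_request_checked(big, sizeof big));
    return 0;
}
```

Both checks are needed: the first bounds the write into the destination, the second bounds the read from the received data.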
Original Source
Url : http://www.kb.cert.org/vuls/id/476345 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 1 |
Application | | 2 |
SAINT Exploits
Description | Link |
---|---|
Citect SCADA ODBC Service Overflow | More info here |
ExploitDB Exploits
id | Description |
---|---|
2008-09-05 | CitectSCADA ODBC Server Remote Stack Buffer Overflow Exploit (meta) |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
46105 | CitectSCADA ODBC Service Remote Overflow |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Multiple Schneider Electric SCADA products buffer overflow attempt RuleID : 14265 - Revision : 10 - Type : PROTOCOL-SCADA |