10 - VU#506864

Executive Summary

Summary
Title	InduSoft NTWebServer web service stack-based buffer overflow

Informations
Name	VU#506864	First vendor Publication	2011-01-12
Vendor	VU-CERT	Last vendor Modification	2011-01-12
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#506864

InduSoft NTWebServer web service stack-based buffer overflow

Overview

InduSoft NTWebServer web service contains a stack-based buffer overflow vulnerability.

I. Description

According to InduSoft's website: "InduSoft Web Studio™ is a powerful collection of automation tools that provide all the automation building blocks to develop HMIs, SCADA systems and embedded instrumentation solutions. Utilize InduSoft integrated Web technologies to take advantage of Internet/intranet connectivity." InduSoft NTWebServer runs a test web service on port 80/tcp. InduSoft NTWebServer test web service is vulnerable to a stack-based buffer overflow when more than 2048 bytes are written to the fixed-size stack buffer causing the test web service to write past the bounds of the buffer and corrupt the memory.

II. Impact

An attacker can cause the service to crash and may be able to execute arbitrary code.

III. Solution

Use IIS

InduSoft recommends using NTWebServer test web service only for development purposes and Microsoft IIS for production.

Restrict Access

Enable firewall rules to restrict access for port 80/tcp to only trusted sources.

Vendor Information

InduSoft's website lists other devices that may be using NTWebServer test web service that may also be vulnerable.

Vendor	Status	Date Notified	Date Updated
Advantech	Affected		2011-01-10
InduSoft	Affected		2011-01-12

References

http://www.us-cert.gov/control_systems/pdf/ICSA-10-337-01.pdf
http://www.indusoft.com/blog/?p=337
http://www.indusoft.com/mainpage.php?aricleid=17&type=Certified/Hardware

Credit

Thanks to Jeremy Brown for reporting this vulnerability to ICS-CERT.

This document was written by Michael Orlando.

Other Information

Date Public:	2011-01-04
Date First Published:	2011-01-12
Date Last Updated:	2011-01-12
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Severity Metric:	71.28
Document Revision:	27

Original Source

Url : http://www.kb.cert.org/vuls/id/506864

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type	Description	Count
Application	Advantech Advantech Studio cpe:2.3:a:advantech:advantech_studio:6.1:::::::*	1
Application	Indusoft Web Studio cpe:2.3:a:indusoft:web_studio:7.0:::::::*	1

Open Source Vulnerability Database (OSVDB)

Id	Description
70396	NTWebServer NTWebServer.exe HTTP Request Remote Overflow NTWebServer is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted string greater than 2048 bytes, a remote attacker can potentially execute arbitrary code.

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	2
osvdb(s)	1

	Related
10	CVE-2011-0488
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)