Executive Summary
Summary | |
---|---|
Title | Ecava IntegraXor stack-based buffer overflow vulnerability |
Information | |||
---|---|---|---|
Name | VU#603928 | First vendor Publication | 2010-12-17 |
Vendor | VU-CERT | Last vendor Modification | 2010-12-21 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Vulnerability Note VU#603928
Ecava IntegraXor stack-based buffer overflow vulnerability

Overview
Ecava IntegraXor contains a stack-based buffer overflow vulnerability in the Ecava IntegraXor Human-Machine Interface (HMI) product that could allow the execution of arbitrary code.

I. Description
According to Ecava's website: IntegraXor is a suite of tools used to create and run a web-based HMI interface for a Supervisory Control and Data Acquisition (SCADA) system. Ecava IntegraXor is vulnerable to a stack-based buffer overflow when more than 1024 bytes are written to the fixed-size stack buffer. When an exploit sends a request greater than 1024 bytes, IntegraXor writes past the buffer bounds and corrupts memory, allowing execution of arbitrary code.

II. Impact
An attacker can cause the device to crash and may be able to execute arbitrary code.

III. Solution
Ecava has released a patch to mitigate the vulnerability and has notified its customer base of the availability of the patch.

Vendor Information

References
http://www.us-cert.gov/control_systems/pdf/ICSA-10-322-01.pdf

Thanks to Jeremy Brown for reporting this vulnerability. This document was written by Michael Orlando.
Original Source
Url : http://www.kb.cert.org/vuls/id/603928 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
69960 | Ecava IntegraXor Project Class ActiveX (igcom.dll) save() Method Overflow IntegraXor is prone to an overflow condition. The program suffers from a boundary error when processing the 'save()' method of the Project class 'igcom.dll', resulting in a stack-based buffer overflow. With a specially crafted overly long string, a remote attacker can potentially execute arbitrary code. |