7.5 - VU#981849

Executive Summary

Summary
Title	Automated Solutions Modbus TCP Slave ActiveX Control Vulnerability

Informations
Name	VU#981849	First vendor Publication	2008-10-31
Vendor	VU-CERT	Last vendor Modification	2008-12-19
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#981849

Automated Solutions Modbus TCP Slave ActiveX Control Vulnerability

Overview

Automated Solutions Modbus TCP Slave ActiveX Control contains a vulnerability that may allow a remote attacker to execute arbitrary code or cause a denial-of-service.

I. Description

Automated Solutions Modbus TCP Slave ActiveX Control fails to properly process malformed "Modbus" requests to TCP port 502 due to an error in "MiniHMI.exe". According to TippingPoint:

When processing malformed Modbus requests on this port a controllable heap corruption can occur which may result in execution of arbitrary code.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user running the MiniHMI.exe or cause a denial-of-service.

III. Solution

Upgrade

Automated Solutions has addressed this issue with an update. OEMs who suspect they use an affected version of the Automated Solutions Modbus TCP Slave ActiveX Control should contact Automated Solutions for more information. A link to an executable is available via TippingPoint, however, the nature of this executable is not known and clicking on unknown executables is not advisable.

Restrict Access

Permit network access only as required for proper site operation.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Automated Solutions	Vulnerable		2008-10-31

References

http://www.zerodayinitiative.com/advisories/TPTI-07-15.html
http://www.securiteam.com/windowsntfocus/5LP0L00MKM.html
http://www.securityfocus.com/archive/1/archive/1/479967/100/0/threaded
http://www.nessus.org/plugins/index.php?view=single&id=26066
http://www.automatedsolutions.com/pub/asmbslv/ReadMe.htm
http://www.securityfocus.com/bid/25713
http://www.securitytracker.com/id?1018707
http://xforce.iss.net/xforce/xfdb/36677

Credit

This vulnerability was reported by Ganesh Devarajan of TippingPoint DVLabs.

This document was written by Chris Taschner.

Other Information

Date Public:	2007-09-20
Date First Published:	2008-12-19
Date Last Updated:	2008-12-19
CERT Advisory:
CVE-ID(s):	CVE-2007-4827
NVD-ID(s):	CVE-2007-4827
US-CERT Technical Alerts:
Metric:	2.84
Document Revision:	15

Original Source

Url : http://www.kb.cert.org/vuls/id/981849

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

Open Source Vulnerability Database (OSVDB)

Id	Description
38259	Automated Solutions Modbus Slave MiniHMI.exe ActiveX Modbus/TCP Diagnostic Fu...

Global Informations

Type	Count
CWE ID(s)	1
osvdb(s)	1

	Related
7.5	CVE-2007-4827
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)