Executive Summary
Summary | |
---|---|
Title | Automated Solutions Modbus TCP Slave ActiveX Control Vulnerability |
Informations | |||
---|---|---|---|
Name | VU#981849 | First vendor Publication | 2008-10-31 |
Vendor | VU-CERT | Last vendor Modification | 2008-12-19 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#981849Automated Solutions Modbus TCP Slave ActiveX Control VulnerabilityOverviewAutomated Solutions Modbus TCP Slave ActiveX Control contains a vulnerability that may allow a remote attacker to execute arbitrary code or cause a denial-of-service.I. DescriptionAutomated Solutions Modbus TCP Slave ActiveX Control fails to properly process malformed "Modbus" requests to TCP port 502 due to an error in "MiniHMI.exe". According to TippingPoint:When processing malformed Modbus requests on this port a controllable heap corruption can occur which may result in execution of arbitrary code. II. ImpactA remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user running the MiniHMI.exe or cause a denial-of-service.III. SolutionUpgradeAutomated Solutions has addressed this issue with an update. OEMs who suspect they use an affected version of the Automated Solutions Modbus TCP Slave ActiveX Control should contact Automated Solutions for more information. A link to an executable is available via TippingPoint, however, the nature of this executable is not known and clicking on unknown executables is not advisable.
References
This vulnerability was reported by Ganesh Devarajan of TippingPoint DVLabs. This document was written by Chris Taschner.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/981849 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
38259 | Automated Solutions Modbus Slave MiniHMI.exe ActiveX Modbus/TCP Diagnostic Fu... |