[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] nSense-2011-005: Scadatec Procyon core server
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] nSense-2011-005: Scadatec Procyon core server
- From: Henri Lindberg <henri+fulldisclosure@xxxxxxxxx>
- Date: Wed, 12 Oct 2011 19:28:58 +0300
nSense Vulnerability Research Security Advisory NSENSE-2011-005
---------------------------------------------------------------
Affected Vendor: Scadatec
Affected Product: Procyon core server <=1.06
Platform: Windows
Impact: Remote code execution
Vendor response: New version released
CVE: None
Credit: Knud / nSense
Technical details
---------------------------------------------------------------
The coreservice.exe process contains a remotely exploitable
memory corruption flaw which allows for remode code execution.
The affected component is coreservice.exe, which listens on port
23, running as SYSTEM. Sending a long string will trigger the
overflow.
Timeline:
20110412 Contacted ICS-CERT
20110527 Vendor communicates with ICS-CERT, working on fix
20110720 Independtly rediscovered by Steven Seeley/Stratsec
20110708 ICS-CERT provides link to fixed version
20110708 nSense validates fix is working as intended
20110804 ICS-CERT releases advisory to US-CERT portal
20110907 ICS-CERT releases public advisory
Solution
Contact the vendor for an updated version:
http://www.scadatec.co.uk/
Links:
http://www.nsense.fi http://www.nsense.dk
$$s$$$$s. ,s$$$$s ,S$$$$$s. $$s$$$$s. ,s$$$$s ,S$$$$$s.
$$$ `$$$ ($$( $$$ `$$$ $$$ `$$$ ($$( $$$ `$$$
$$$ $$$ `^$$s. $$$$$$$$$ $$$ $$$ `^$$s. $$$$$$$$$
$$$ $$$ )$$) $$$ $$$ $$$ )$$) $$$
$$$ $$$ ^$$$$$$7 `7$$$$$P $$$ $$$ ^$$$$$$7 `7$$$$$P
D r i v e n b y t h e c h a l l e n g e _
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/