CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
97.1%
Automated Solutions Modbus TCP Slave ActiveX Control contains a vulnerability that may allow a remote attacker to execute arbitrary code or cause a denial-of-service.
Automated Solutions Modbus TCP Slave ActiveX Control fails to properly process malformed “Modbus” requests to TCP port 502 due to an error in “MiniHMI.exe”. According to TippingPoint:
When processing malformed Modbus requests on this port a controllable heap corruption can occur which may result in execution of arbitrary code.
A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user running the MiniHMI.exe or cause a denial-of-service.
Upgrade
Automated Solutions has addressed this issue with an update. OEMs who suspect they use an affected version of the Automated Solutions Modbus TCP Slave ActiveX Control should contact Automated Solutions for more information. A link to an executable is available via TippingPoint, however, the nature of this executable is not known and clicking on unknown executables is not advisable.
Restrict Access
Permit network access only as required for proper site operation.
981849
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: October 31, 2008
Affected
We have not received a statement from the vendor.
Automated Solutions released <http://www.automatedsolutions.com/pub/asmbslv/setup.exe> in response to this issue. Excercise caution when downloading and running unverified programs.
Group | Score | Vector |
---|---|---|
Base | 0 | AV:–/AC:–/Au:–/C:–/I:–/A:– |
Temporal | 0 | E:ND/RL:ND/RC:ND |
Environmental | 0 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
This vulnerability was reported by Ganesh Devarajan of TippingPoint DVLabs.
This document was written by Chris Taschner.
CVE IDs: | CVE-2007-4827 |
---|---|
Severity Metric: | 2.84 Date Public: |
www.automatedsolutions.com/pub/asmbslv/ReadMe.htm
www.nessus.org/plugins/index.php?view=single&id=26066
www.securiteam.com/windowsntfocus/5LP0L00MKM.html
www.securityfocus.com/archive/1/archive/1/479967/100/0/threaded
www.securityfocus.com/bid/25713
www.securitytracker.com/id?1018707
www.zerodayinitiative.com/advisories/TPTI-07-15.html
xforce.iss.net/xforce/xfdb/36677