7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.9 High
AI Score
Confidence
Low
0.009 Low
EPSS
Percentile
82.5%
ICS-CERT originally released Advisory ICSA-12-013-01P on the US-CERT secure portal on January 13, 2012. This web page release was delayed to allow users time to download and install the update.
Researcher Kuang-Chun Hung of the Security Research and Service Institute–Information and Communication Security Technology Center (ICST) has identified multiple denial-of-service (DoS) vulnerabilities in the Ing. Punzenberger COPA-DATA GmbH zenon human-machine interface (HMI) system.
ICS-CERT has coordinated with Ing. Punzenberger COPA-DATA GmbH, which has produced an updated software release that resolves these vulnerabilities. ICST has tested the new release and verified that it fully resolves these vulnerabilities.
The following product and version is affected:
Successful exploitation of these vulnerabilities may allow an attacker to execute a DoS attack and potentially execute arbitrary code.
Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation.
According to Ing. Punzenberger COPA-DATA GmbH, zenon is an HMI that offers a graphical visualization system that runs entirely under Windows. The zenon product is used by companies worldwide for equipment automation in the automotive, energy and infrastructure, food and beverage, and pharmaceutical industries.
The Ing. Punzenberger COPA-DATA GmbH distribution network includes offices in Austria (for Central and Eastern Europe), France, Germany, Italy, Korea, Portugal and Spain, Sweden, the UK, and the USA.
A vulnerability exists that may allow an attacker to cause a DoS and possibly execute arbitrary code if the attacker sends a specially crafted packet to zenAdminSrv.exe on Port 50777/TCP.
The vendor has assigned Reference Number 25240 to the available update.
CVE-2011-4533 has been assigned to this vulnerability.
A second vulnerability exists that could allow an attacker to crash the ZenSysSrv.exe service resulting in a DoS and possibly allow arbitrary code execution. This vulnerability can be exploited by connecting and disconnecting multiple times to the ZenSysSrv.exe service on Port 1101/TCP.
The vendor has assigned Reference Number 25212 to the available update.
CVE-2011-4534 has been assigned to this vulnerability.
These vulnerabilities are remotely exploitable.
No known exploits specifically target these vulnerabilities.
An attacker with a low skill level can create the DoS; executing arbitrary code would require a more skilled attacker.
Ing. Punzenberger COPA-DATA GmbH recommends that customers take the following actions in order to prevent successful exploitation of these vulnerabilities:
ICS-CERT encourages asset owners to take additional defensive measures to protect against this and other cybersecurity risks.
The Control Systems Security Program (CSSP) also provides a section for control systems security recommended practices on the CSSP web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking defensive measures.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4533
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4534
public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138
twitter.com/CISAgov
twitter.com/intent/tweet?text=ING.%20Punzenberger%20COPA-DATA%20GMBH%20DoS%20Vulnerabilities+https://www.cisa.gov/news-events/ics-advisories/icsa-12-013-01
www.dhs.gov
www.dhs.gov/foia
www.dhs.gov/performance-financial-reports
www.facebook.com/CISA
www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/ics-advisories/icsa-12-013-01&title=ING.%20Punzenberger%20COPA-DATA%20GMBH%20DoS%20Vulnerabilities
www.instagram.com/cisagov
www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency
www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/ics-advisories/icsa-12-013-01
www.oig.dhs.gov/
www.surveymonkey.com/r/CISA-cyber-survey?product=https://www.cisa.gov/news-events/ics-advisories/icsa-12-013-01
www.usa.gov/
www.whitehouse.gov/
www.youtube.com/@cisagov
mailto:?subject=ING.%20Punzenberger%20COPA-DATA%20GMBH%20DoS%20Vulnerabilities&body=www.cisa.gov/news-events/ics-advisories/icsa-12-013-01