Vulnerability CVE-2007-4473
Published: 2007-12-17   Modified: 2012-02-12

Description:
Gesytec Easylon OPC Server before 2.3.44 does not properly validate server handles, which allows remote attackers to execute arbitrary code or cause a denial of service via unspecified network traffic to the OLE for Process Control (OPC) interface, probably related to free operations on arbitrary memory addresses through certain Remove functions, and read and write operations on arbitrary memory addresses through certain Set, Read, and Write functions.

Type:

CWE-119

 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Gesytec easylon -> Opc server 

 References:
http://www.kb.cert.org/vuls/id/205073
http://www.neutralbit.com/en/rd/opctest/
http://www.neutralbit.com/downloads/NB-NB-001-EXT-OPC%20Security%20Testing.pdf
http://osvdb.org/42650
http://xforce.iss.net/xforce/xfdb/39062
http://www.securityfocus.com/bid/26876
http://secunia.com/advisories/28079
Copyright 2024, cxsecurity.com

 

Back to Top