Digital Canal’s Wind Analysis Updated

Tuesday, June 6, 2017 @ 04:06 PM gHale


Digital Canal Structural created new software to mitigate a stack-based buffer overflow vulnerability in its Wind Analysis structural engineering software platform, according to a report from ICS-CERT.

Wind Analysis versions 9.1 and prior suffer from the remotely exploitable vulnerability, discovered by Peter Cheng.


Successful exploitation of this vulnerability could cause the device the attacker is accessing to become unavailable, resulting in a denial of service.

There are no known public exploits that specifically target this vulnerability. However, an attacker with a low skill level would be able to leverage the vulnerability.

The product is used mainly in the commercial facilities sector and is deployed in the United States.

An attacker may be able to run arbitrary code by remotely exploiting an executable to perform a denial-of-service attack.

CVE-2017-7898 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

Dubuque, Iowa-based Digital Canal Structural recommends that users upgrade to the latest version of the software.


