IBHsoftec Clears Buffer Overflow

Wednesday, November 2, 2016 @ 10:11 AM gHale


IBHsoftec created a new version to mitigate a buffer overflow vulnerability in its S7-SoftPLC, according to a report with ICS-CERT.

This vulnerability, discovered by Ariele Caltabiano (kimiya) working with Trend Micro’s Zero Day Initiative, is remotely exploitable.

RELATED STORIES
Honeywell Clears Improper Input Hole
Remote Control SCADA Issue Fixed
Moxa Clears Privilege Escalation Hole
Schneider Fixes Password Vulnerability

S7-SoftPLC versions prior to 4.12b suffer from the issue.

An attacker who exploits this vulnerability may be able to affect integrity, confidentiality, and availability of the target device.

IBHsoftec GmbH is a Germany-based company that sells products through distributors worldwide.

S7-SoftPLC, is a software program meant to replace a hardware PLC. These products see action across several sectors including critical manufacturing, energy, and water and wastewater systems. IBHsoftec said these products see use primarily in Europe, Asia, and the United States.

Object memory can read a network packet that is larger than the space that is available.

CVE-2016-8364 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

No known public exploits specifically target this vulnerability. However, an attacker with a low skill would be able to exploit this vulnerability.

IBHsoftec released a new version to address this vulnerability. For more information, click on the demo site or the set up site.



Leave a Reply

You must be logged in to post a comment.