IOServer Out of Bounds Read Hole

Tuesday, April 15, 2014 @ 09:04 AM gHale


IOServer created a new version that mitigates an out of bounds read vulnerability in its OPC Server application, according to a report on ICS-CERT.

Researchers Chris Sistrunk of Mandiant and Adam Crain of Automatak, who discovered the remotely exploitable vulnerability, tested the new version to validate that it resolves the vulnerability.

OPC Drivers Versions 1.0.20 and prior suffer from the issue.
An attacker who exploits this out of bounds read vulnerability may be able to crash the OPC Server application software running on the target system.

Sydney, Australia-based IOServer has offices across the world. The affected product, OPC Server, is a Windows-based (WindowsNT/95/98/ME/2000/2003/XP/2008/7) OPC Server that allows OPC clients, such as human-machine interface and supervisory control and data acquisition systems, to exchange plant floor data with programmable logic controllers. The affected product sees use across multiple sectors including commercial facilities, critical manufacturing, energy, and water and wastewater systems.

The Modbus slave/outstation driver for IOServer’s OPC Server application can be forced to read outside of the intended memory register. By sending a specially crafted packet, an attacker could crash the software. This could significantly interrupt process control.
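The bug class described above, as an added illustration; this is not IOServer's code, and the advisory does not detail the exact flaw. It shows a Modbus slave handler for Read Holding Registers (function 0x03) that checks frame length, quantity and address range before indexing its register table. `NUM_REGS`, `holding_regs` and the function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_REGS     64   /* assumed size of this slave's register table */
#define MAX_READ_QTY 125  /* Modbus limit for Read Holding Registers (0x03) */
static uint16_t holding_regs[NUM_REGS];

/* Exception response: function code with the high bit set, then the code. */
static size_t exception(uint8_t fc, uint8_t code, uint8_t *out, size_t out_len) {
    if (out_len < 2) return 0;
    out[0] = (uint8_t)(fc | 0x80);
    out[1] = code;
    return 2;
}

/* Handle one request PDU. Returns the response length, or 0 to drop it. */
size_t handle_read_holding(const uint8_t *pdu, size_t pdu_len,
                           uint8_t *out, size_t out_len) {
    if (!pdu || !out || pdu_len < 1) return 0;
    if (pdu[0] != 0x03) return exception(pdu[0], 0x01, out, out_len);
    /* Never parse fields the frame does not actually contain. */
    if (pdu_len != 5) return exception(0x03, 0x03, out, out_len);
    uint16_t start = (uint16_t)((pdu[1] << 8) | pdu[2]);
    uint16_t qty   = (uint16_t)((pdu[3] << 8) | pdu[4]);
    if (qty == 0 || qty > MAX_READ_QTY)        /* illegal data value */
        return exception(0x03, 0x03, out, out_len);
    /* Widen before adding so start + qty cannot wrap around 16 bits. */
    if ((uint32_t)start + qty > NUM_REGS)      /* illegal data address */
        return exception(0x03, 0x02, out, out_len);
    size_t need = 2 + 2 * (size_t)qty;
    if (out_len < need) return 0;
    out[0] = 0x03;
    out[1] = (uint8_t)(2 * qty);
    for (uint16_t i = 0; i < qty; i++) {
        out[2 + 2 * i] = (uint8_t)(holding_regs[start + i] >> 8);
        out[3 + 2 * i] = (uint8_t)(holding_regs[start + i] & 0xFF);
    }
    return need;
}

int main(void) {
    /* Constructed request: read 2 registers starting at 63, one past the end. */
    const uint8_t req[] = {0x03, 0x00, 0x3F, 0x00, 0x02};
    uint8_t resp[256];
    size_t n = handle_read_holding(req, sizeof req, resp, sizeof resp);
    printf("len=%zu fc=0x%02X code=0x%02X\n", n, resp[0], resp[1]);
}
```

A request whose range runs past the table gets a Modbus exception response instead of an out-of-range array read, so the server keeps running.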

CVE-2014-0777 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 8.3.

No known public exploits specifically target this vulnerability. However, an attacker with moderate skill would be able to exploit this vulnerability.

IOServer produced a new version that mitigates the vulnerability. The new version is available for download as Beta2112.exe.
