Opto22 Mitigates Buffer Overflow

Tuesday, September 4, 2018 @ 05:09 PM gHale

Opto22 has a new version that mitigates a stack-based buffer overflow in its PAC Control Basic and PAC Control Professional, according to a report from NCCIC.

Successful exploitation of this remotely exploitable vulnerability, discovered by Robert Hawes, could crash the device being accessed, and a buffer overflow condition may then allow remote code execution.

The following versions of PAC Control, a control programming software, suffer from the issue:
• PAC Control Basic Versions R10.0a and prior
• PAC Control Professional Versions R10.0a and prior

A stack-based buffer overflow vulnerability may allow remote code execution. 

CVE-2018-04154 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.4.

The product sees use in multiple manufacturing automation sectors on a global basis.

No known public exploits specifically target this vulnerability. However, an attacker with a low skill level could leverage the vulnerability.

Opto22 recommends users upgrade to the newest version.
