OSIsoft Releases Vulnerability Fix

Friday, July 20, 2012 @ 02:07 PM gHale


There is an update out to tackle a stack-based buffer overflow vulnerability in OSIsoft’s PI OPC DA Interface software that could cause the software to crash or allow a remote attacker to execute arbitrary code, according to a report on ICS-CERT.

OSIsoft discovered this vulnerability during a software assessment they requested and funded by the Department of Homeland Security.

RELATED STORIES
Tridium Holes Remotely Exploitable
ICS-CERT: Attacks on Rise
Pro-face Pro-Server EX Fix
Sielco Sistemi Winlog Holes

OSIsoft published a user notification and released a product update that resolves this vulnerability.

The vulnerability affects all versions of PI OPC DA Interface prior to Version 2.3.20.9.

Successful exploitation of this vulnerability could allow a remote, authenticated attacker to execute arbitrary code on a vulnerable system.

The PI OPC DA Interface allows the PI System to access plant floor process data using the OPC standard, OSIsoft said.

The PI OPC DA Interface does not correctly validate the OPC input messages before performing further processing. By sending additional valid packets, an attacker could partially control corruption to force the arbitrary freeing of a memory address. This could allow the attacker to cause a crash or to execute arbitrary code. CVE-2012-3008 is the number assigned to this vulnerability, which has a CVSS v2 base score of 6.3.

An authenticated attacker with the ability to write data to OPC items collected by the PI OPC DA Interface could remotely exploit this vulnerability. Creating an exploit for this vulnerability would require medium skill level.

OSIsoft said users to upgrade to Version 2.3.20.9 or later. The PI OPC DA Interface update is at the OSIsoft technical support Web site.



Leave a Reply

You must be logged in to post a comment.