Patches for InduSoft Vulnerabilities

Monday, November 21, 2011 @ 04:11 PM gHale


InduSoft Web Studio software is suffering from two vulnerabilities that exploit unauthenticated remote code execution within the CEServer Operation and the CEServer.exe directories, according to ICS-CERT.

This report first went to the Zero Day Initiative from independent security researcher Luigi Auriemma. The Zero Day Initiative coordinated with InduSoft, who has produced a patch that mitigates these vulnerabilities.

RELATED STORIES
Third Party Vulnerability Hits Mitsubishi
Remote Procedure Call Vulnerability
SCADA/HMI ActiveX Hole Found
GE Works to Fix Vulnerabilities

InduSoft said these vulnerabilities affect the following products: InduSoft Web Studio Versions 6.1 and 7.0.

Web Studio is a collection of automation tools used to develop human-machine interfaces, supervisory control and data acquisition (SCADA) systems, and embedded instrumentation solutions, InduSoft said. Web Studio is a software product sold worldwide in industries dealing with system automation.

An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the targeted system. A vulnerability exists within the remote agent component (CEServer.exe) that listens by default on Port 4322/TCP. When handling incoming requests, the process fails to perform any type of authentication. CVE-2011-4051 is the associated number for this vulnerability.

Another vulnerability exists within the CEServer component, which has a runtime dependency for deployed applications that use InduSoft Web Studio. When handling the remove file operation (0x15), the process blindly copies user-supplied data to a fixed-length buffer on the stack.
CVE-2011-4052 is the associated number for this vulnerability.

An attacker with a moderate skill level could exploit these vulnerabilities.

InduSoft recommends InduSoft Web Studio software users upgrade to the latest version and install the latest patch. Click here for the InduSoft security patch.



Leave a Reply

You must be logged in to post a comment.