Update Patches xArrow Holes

Friday, May 25, 2012 @ 04:05 PM gHale


xArrow produced a new version that resolves the multiple vulnerabilities in its software application.

The remotely exploitable vulnerabilities were a NULL pointer dereference, a heap-based buffer overflow, an out-of-bounds read, and improper restriction of operations within the bounds of a memory buffer, according to a report from ICS-CERT.


Luigi Auriemma, the security researcher who identified the vulnerabilities and released them along with proof-of-concept code without coordination with ICS-CERT, the vendor, or any other coordinating entity, tested the new version and confirmed it resolves the vulnerabilities.

xArrow software versions older than Version 3.4.1 suffer from these issues.

Exploitation of these vulnerabilities may cause the xArrow service to crash causing a denial-of-service condition or allow an attacker to execute arbitrary code.

xArrow is a human-machine interface (HMI) system. This product is a general configuration software tool used to monitor and collect data primarily in industrial control, infrastructure, or facility-based processes.

xArrow Software is a China-based software developer. xArrow is an HMI that sees use in building automation, water treatment, environmental automation framework monitoring, and agricultural greenhouse monitoring. The systems are deployed mainly in China, India, Indonesia, Poland, and Latvia.

NULL POINTER DEREFERENCE
A NULL pointer dereference occurs when the xArrow server allocates memory without checking whether the buffer returned by calloc() is NULL, which may cause a crash or exit.

CVE-2012-2426 is the number assigned to this vulnerability, which has a CVSS v2 base score of 7.1.

HEAP-BASED BUFFER OVERFLOW
The xArrow server stores client data without bounds checking. By sending additional valid packets, an attacker could partially control corruption to force the arbitrary freeing of a memory address. This could allow the attacker to cause a crash or to execute arbitrary code.

CVE-2012-2427 is the number assigned to this vulnerability, which has a CVSS v2 base score of 9.3.

OUT-OF-BOUNDS READ
xArrow reads data past the end of the intended buffer. This is possible because of an integer overflow during the checking of the available packet size. This could cause corruption of sensitive information, a crash, or allow arbitrary code execution.

CVE-2012-2428 is the number assigned to this vulnerability, which has a CVSS v2 base score of 8.3.

IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER
When performing operations on a memory buffer, xArrow reads data from a memory location that is outside the intended boundary of the buffer. As a result, an attacker may be able to execute arbitrary code, alter the intended control flow, read sensitive information, or cause the system to crash.

CVE-2012-2429 is the number assigned to this vulnerability, which has a CVSS v2 base score of 9.3.
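The three defect classes described above (an unchecked calloc(), a missing bounds check on client data, and an integer overflow while checking the available packet size) are easy to see side by side in a small packet parser. The following is an added, hypothetical example written for this article, not xArrow's code: the packet layout (a 32-bit offset and length selecting a field inside a received buffer) and all function names are constructed for illustration.

```c
/* Hypothetical field extraction from a received packet, constructed to
 * illustrate the defect classes in the advisory; not xArrow's own code. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Vulnerable form: offset + length is computed in 32-bit unsigned math and
 * wraps when the sum exceeds UINT32_MAX, so an oversized pair passes the
 * check and a later read or copy runs past the end of the buffer. */
int check_bounds_unsafe(uint32_t avail, uint32_t offset, uint32_t length) {
    return offset + length <= avail;
}

/* Hardened form: every comparison is made on values that cannot wrap. */
int check_bounds_safe(uint32_t avail, uint32_t offset, uint32_t length) {
    return offset <= avail && length <= avail - offset;
}

/* Copies bytes [offset, offset + length) of pkt into a fresh buffer.
 * Returns NULL when the bounds are bad, the length is zero, or calloc()
 * fails (the NULL check the advisory says was missing). Caller frees. */
uint8_t *extract_field(const uint8_t *pkt, uint32_t avail,
                       uint32_t offset, uint32_t length) {
    if (length == 0 || !check_bounds_safe(avail, offset, length))
        return NULL;
    uint8_t *out = calloc(length, 1);
    if (out == NULL)
        return NULL;
    memcpy(out, pkt + offset, length);
    return out;
}

/* Constructed 8-byte sample packet: returns 1 when the safe path extracts
 * the expected field and rejects a wrapped offset/length pair. */
int demo(void) {
    static const uint8_t pkt[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    uint8_t *f = extract_field(pkt, sizeof pkt, 4, 4);
    int ok = f != NULL && f[0] == 5 && f[3] == 8;
    free(f);
    ok = ok && extract_field(pkt, sizeof pkt, 0xFFFFFFF0u, 0x20u) == NULL;
    return ok;
}

int main(void) {
    return demo() ? 0 : 1;
}
```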

xArrow produced an updated software version (3.4.2) that resolves the reported vulnerabilities.

xArrow recommends users uninstall the old version and install the new one; the upgrade preserves all project data.
