Advantech Patches Buffer Overflow

Friday, February 13, 2015 @ 05:02 PM gHale

Advantech produced a patch that mitigates a buffer overflow vulnerability in the EKI-1200 product line, according to a report on ICS-CERT.

Core Security Engineering, where Enrique Nissim and Pablo Lorenzzato discovered the remotely exploitable vulnerability, tested the patch to validate it resolves the vulnerability.

Microsoft: Control System Warning
GE, MACTek Integrate HART DTM Fix
Pepperl+Fuchs Integrating Hart DTM Fix
HART DTM Vulnerability a Small Risk

EKI-1200 product line suffers from the issue.

An exploit of this vulnerability could allow an attacker to execute arbitrary code.

Taiwan-based Advantech has distribution offices in 21 countries worldwide.

The EKI-1200 series Modbus gateways are bi-directional gateways for integrating Modbus/RTU and Modbus/ASCII serial devices to TCP/IP networked-based devices. These products deploy globally.

Advantech EKI-1200 products are vulnerable to a buffer overflow, which can end up exploited by remote attackers to execute arbitrary code.

CVE-2014-8385 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 10.0.

No known public exploits specifically target this vulnerability and an attacker with a low skill would be able to exploit this vulnerability.

Advantech has created new firmware Version 1.63 to mitigate this vulnerability. Users may download the patch from the Advantech web site.

Click here for additional information about the EKI 1221.

Leave a Reply

You must be logged in to post a comment.