Mitsubishi ActiveX Vulnerability

Tuesday, May 21, 2013 @ 06:05 PM gHale

There is a remotely exploitable ActiveX buffer overflow vulnerability in the Mitsubishi MX Component Version 3 application, according to a report on ICS-CERT.

This vulnerability, discovered by independent researchers Derek Betker and Dr_IDE, affects Mitsubishi MX Component Version 3 trial software. The affected products are:
• Mitsubishi MX Component Version 3
• Other Mitsubishi products that may be based on the same code
• CitectFacilities v7.10 and previous versions Release Date: July 2009
• CitectSCADA v7.0 and previous versions Release Date: August 2007

TURCK Fixes Gateway Bugs
Wonderware Mitigates Server Holes
RuggedCom Updates ROS Fix
MatrikonOPC Patches Vulnerabilities

CitectFacilities and CitectSCADA only distributed a trial version of Mitsubishi MX Component Version 3 as complimentary software, and is not a default installation. Schneider Electric does not license it.

This vulnerability could possibly lead to a denial of service (DoS) or potentially allow the execution of arbitrary code.

MX Component Version 3 is a SCADA product offered by Mitsubishi.

The overflow condition in the ActUWzd.dll ActiveX control ends up triggered as user-supplied input does not undergo proper validation when supplied via the WzTitle, WzPassword, WzOutsideLineNumber, WzName, WzHostAddress, WzDialNumber, WzComment, WzCallbackNumber, or WzATCommand methods. This may allow a context-dependent attacker to cause a heap-based buffer overflow, resulting in a DoS or potentially allowing the execution of arbitrary code.

CVE-2013-3075 is the number assigned to this vulnerability, which has a CVSS v2 base score of 9.3.

Exploits that target this vulnerability are publicly available and an attacker with medium skill would be able to exploit this vulnerability.

Mitsubishi recommends upgrading to the latest version (MX Component 4.03) which does on suffer from this vulnerability. Customers can contact Mitsubishi support and service for more information.

Schneider Electric has released a security notification for CitectFacilities and CitectSCADA products that distributed a complimentary trial version of Mitsubishi MX Component Version 3.

Leave a Reply

You must be logged in to post a comment.