#buffer_overflow

Overview This advisory is a follow-up to ICS-ALERT-11-011-01 WellinTech Kingview Buffer Overflow, published on the ICS-CERT Web site on January 11, 2011. Independent security researcher Dillon Beresford reported a heap overflow vulnerability in WellinTech KingView V6.53, which may allow a remote, unauthenticated attacker to execute arbitrary code. ICS-CERT has verified the vulnerability. WellinTech has developed and released a patch to mitigate this vulnerability, 6.53(2010-12-15). This patch has been validated by both ICS-CERT and the independent security researcher. Affected Products This vulnerability affects both the Chinese and English language versions of KingView V6.53. Impact Successful exploitation of the heap overflow vulnerability in KingView V6.53 would allow a remote attacker to cause the service to crash and may allow the execution of arbitrary code as the user. The specific impact to an individual organization depends on many factors that are unique to the organization. ...

Overview The ICS-CERT has received a report from independent security researcher Jeremy Brown that reveals a stack-based buffer overflow vulnerability in the test web server bundled with Advantech Studio Version 6.1. This web server is intended to be used for testing purposes and should not be used in a production environment. Advantech has verified the problem and has developed a patch to mitigate the vulnerability. Affected Products This vulnerability affects the test web server bundled with Advantech Studio Version 6.1 and all previous versions. This does not apply to Windows CE versions. Impact Advantech recommends using the bundled test web server only for testing purposes. If the bundled test web server is not used in production, the impact of this vulnerability should be minimal. While a successful exploit of the buffer overflow could allow arbitrary code execution, the specific impact to an individual organization depends on many factors that are unique to the organization. ICS...

Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe.

Overview The ICS-CERT has received a report from independent security researcher Jeremy Brown that reveals a stack-based buffer overflow vulnerability in the Ecava IntegraXor Human-Machine Interface (HMI) product that could allow the execution of arbitrary code. Ecava has verified the claim and has released a patch to mitigate the vulnerability (igsetup-3.5.3900.10.msi or later). Affected Products This vulnerability affects all IntegraXor versions prior to v3.5 (Build 3900.10). Ecava has developed a patch to mitigate this vulnerability. For more information, customers can review the Ecava announcement at http://www.integraxor.com/blog/integraxor-3-5-scada-security-issue-20101006-0109-vulnerability-note. Impact IntegraXor is currently used in several areas of process control, though primarily in Malaysia. While a successful exploit of this vulnerability could lead to arbitrary code execution, the impact to individual organizations depends on many factors that are unique to each organiza...

Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field.

Overview The ICS-CERT has received a report from independent security researcher Jeremy Brown that reveals a heap corruption vulnerability in the Automated Solutions Modbus/TCP Master OPC server. Automated Solutions has confirmed that their most recent patch mitigates the vulnerability for Version 3.0.0. ICS-CERT has verified that the software update resolves the vulnerability identified by the researcher. --------- Begin Update A-------- The vulnerability could be exploited by creating a Modbus/TCP Slave application that generates non-compliant Modbus/TCP reply packets. Successful exploitation would likely not allow arbitrary code execution; however, an exploit could possibly corrupt the OPC server memory. --------- End Update A-------- Affected Products This vulnerability affects the Automated Solutions Modbus/TCP Master OPC Server product (Version 3.0.0) and all previous versions. --------- Begin Update A-------- According to Automated Solutions, no other products share the OPC Serv...

Overview --------- Begin Update A Part 1 of 2 ---------- On October 20, 2010, an independent security researcher postedRubén Santamarta, http://www.reversemode.com/index.php?option=com_content&task=view&id=70&Itemid=1, website last visited October 28, 2010. information regarding a vulnerability in MOXA Device Manager (MDM) Version 2.1. MOXA has confirmed this vulnerability and released Version 2.3 on November 11, 2010 to resolve this issue. Further updated information is listed in the vulnerability and mitigation section of this document. ---------- End Update A Part 1 of 2 ---------- The security researcher’s analysis indicates successful exploitation of this vulnerability can lead to arbitrary code execution and control of the system. However, based on conversations with the researcher, the level of difficulty to exploit this vulnerability is high. Affected Products MOXA Device Manager Version 2.1 is affected by this vulnerability. Impact MOXA’s embedded device products are implement...

Overview This advisory is a follow-up to ICS-ALERT-10-305-01 RealFlex RealWin Buffer Overflows, which was published on the ICS-CERT Web site on November 01, 2010. On October 15, 2010 an independent security researcher posted informationResearcher, http://aluigi.altervista.org/adv/realwin1-adv.txt, website last visited November 4, 2010.  regarding vulnerabilities in RealFlex Technologies Ltd. RealWin SCADA software products. The security researcher’s analysis indicated that successful exploitation of these vulnerabilities can lead to arbitrary code execution and control of the system. RealFlex Technologies has validated the researcher’s findings and released an updateRealFlex, http://csrealflex.com/cs/index.ssp, website last visited November 8, 2010. to resolve these issues. ICS-CERT has verified that the software update resolves the vulnerabilities highlighted by the researcher. Affected Products All RealWin versions up to and including Version 2.1.8 (Build 6.1.8) are affected by these...

Overview This advisory is a follow-up to ICS-ALERT-10-260-01 SCADA Engine BACnet OPC Client Buffer Overflow, which was published on the ICS-CERT Web site on September 17, 2010. A buffer overflow vulnerability has been reportedSecunia Advisory SA41466, http://secunia.com/advisories/41466/, website last accessed September 21, 2010 in SCADA Engine’s BACnet OPC Client. Using a specially crafted malicious file, this vulnerability could allow an attacker to crash the application and execute arbitrary code. A software update is available that resolves this vulnerability. ICS-CERT is aware that exploit code for this vulnerability is publicly available.http://packetstormsecurity.org/1009-exploits/bacnet-overflow.py.txt, website last accessed September 21, 2010  However, ICS-CERT has not received any reports of the vulnerability being exploited in the wild. Affected Products ICS-CERT has confirmed the vulnerability in Version 1.0.24. Older versions may also be affected. SCADA Engine has released...

WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document.