Azeotech DAQFactory NETB Datagram Parsing Stack Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is installed with Azeotech DAQFactory (HMI/SCADA) and is prone to denial of service vulnerability.

Impact

Successful exploitation may allow remote attackers to execute arbitrary code on the system or cause denial of service condition. Impact Level: System/Application

Solution

Update to version 5.86 or later, For updates refer to http://www.azeotech.com/daqfactory.php

Insight

The flaw is due to an error while parsing NETB datagrams. Which can be exploited to cause a buffer overflow by sending a crafted NETB packet to port 20034/UDP.

Affected

Azeotech DAQFactory 5.85 build 1853 and earlier.

References

http://aluigi.altervista.org/adv/daqfactory_1-adv.txt
http://osvdb.org/75496
http://www.exploit-db.com/exploits/17841
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-02.pdf
http://xforce.iss.net/xforce/xfdb/69764

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3492

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Asterisk IAX2 Call Number Exhaustion DOS Vulnerability (Linux)
CesarFTP MKD Command Buffer Overflow
Adobe Flash Player/Air Multiple DoS Vulnerabilities - Aug09 (Linux)
CUPS IPP Use-After-Free Denial of Service Vulnerability
Asterisk SIP Channel Driver Denial Of Service Vulnerability (Linux)

Take action and discover your vulnerabilities