Summary
This host is running Optima PLC APIFTP Server and is prone to multiple denial of service vulnerabilities.
Impact
Successful exploitation may allow remote attackers to cause the application to crash, creating a denial of service condition.
Impact Level: Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Insight
Multiple errors in the APIFTP Server (APIFTPServer.exe) when handling certain specially crafted packets sent to TCP port 10260 and be exploited to cause a NULL pointer dereference or an infinite loop.
Affected
Optima PLC APIFTP version 2.14.6 and prior
References
Severity
Classification
-
CVE CVE-2012-5048, CVE-2012-5049 -
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C
Related Vulnerabilities
- EMC NetWorker 'nsrexecd' RPC Packet Denial of Service Vulnerability
- ActFax Server Multiple Remote Buffer Overflow Vulnerabilities
- Checkpoint Firewall-1 UDP denial of service
- Google Chrome Multiple Denial of Service Vulnerabilities - February 11(Windows)
- 7-Zip Unspecified Archive Handling Vulnerability (Win)