Summary
The host is running Sunway ForceControl and is prone to multiple vulnerabilities.
Impact
Successful exploitation may allow remote attackers to execute arbitrary code on the system or cause a denial of service condition.
Impact Level: Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Insight
Multiple flaws are caused due an,
- Error in 'NetServer.exe' when processing certain packets can be exploited to disclose the contents of arbitrary files via directory traversal attack.
- Error in 'AngelServer', Which fails to validate user-supplied input.
- Error while processing certain packets in 'SNMP NetDBServer', leads to stack overflow or integer overflow in SNMP NetDBServer and execution of arbitrary code.
Affected
Sunway ForceControl version 6.1 SP1, SP2 and SP3
References
- http://aluigi.altervista.org/adv/forcecontrol_1-adv.txt
- http://secunia.com/advisories/46146
- http://securitytracker.com/id/1026092
- http://www.exploit-db.com/exploits/17885/
- http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-266-01.pdf
- http://xforce.iss.net/xforce/xfdb/70015
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Acrobat Multiple Vulnerabilities - 01 Jan14 (Windows)
- Adobe Acrobat Multiple Vulnerabilities - 01 Jan14 (Mac OS X)
- Adobe Extension Manager CS5 Insecure Library Loading Vulnerability (Win)
- Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Windows)
- Adobe AIR Multiple Vulnerabilities -01 Feb13 (Linux)