ID

VAR-201202-0005


CVE

CVE-2011-1914


TITLE

Advantech ADAM OPC Server ActiveX Control Buffer Overflow Vulnerability

Trust: 1.1

sources: IVD: 1a544d94-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-4690 // BID: 50529

DESCRIPTION

Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before 3.01.010 allows remote attackers to execute arbitrary code via unspecified vectors. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A memory corruption vulnerability exists in Siemens SIMATIC WinCC Flexible. Due to an unspecified error in the tag emulator, an attacker can cause memory corruption by opening a specially crafted file, and the exploit can successfully execute arbitrary code. Advantech ADAM OPC Server is a Taiwanese industrial device server interface. Advantech ADAM OPC Server is prone to a remote buffer-overflow vulnerability because it fails to sufficiently validate user-supplied data. This issue affects an unspecified ActiveX control. Failed exploit attempts will likely result in denial-of-service conditions. The following versions are affected: The following products are affected: ProTool 6.0 SP3 WinCC flexible 2004 WinCC flexible 2005 WinCC flexible 2005 SP1 WinCC flexible 2007 WinCC flexible 2008 WinCC flexible 2008 SP1 WinCC flexible 2008 SP2. The following products are affected: Siemens SIMATIC WinCC flexible Runtime Siemens SIMATIC WinCC (TIA Portal) Runtime Advanced. Successful exploitation of the vulnerability can execute arbitrary code. A failed attack may cause a denial of service. The vulnerability are reported in versions 2005 SP1, 2007, 2008, 2008 SP1, and 2008 SP2. Please see vendor's advisory for details. PROVIDED AND/OR DISCOVERED BY: Billy Rios and Terry McCorkle via ICS-CERT. ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA46775 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775 RELEASE DATE: 2011-11-07 DISCUSS ADVISORY: http://secunia.com/advisories/46775/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46775/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46775 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system. The vulnerability is reported in the following components: * Advantech ADAM OPC Server versions prior to V3.01.012. * Advantech Modbus RTU OPC Server versions prior to V3.01.010. * Advantech Modbus TCP OPC Server versions prior to V3.01.010. SOLUTION: Reportedly a patch has been released. Contact the vendor for further information. PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST). ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 4.14

sources: NVD: CVE-2011-1914 // JVNDB: JVNDB-2012-001544 // CNVD: CNVD-2011-3471 // CNVD: CNVD-2011-4690 // BID: 50529 // BID: 49405 // BID: 49479 // IVD: 1a544d94-2354-11e6-abef-000c29c66e3d // IVD: 5119408c-1f8a-11e6-abef-000c29c66e3d // VULHUB: VHN-49859 // PACKETSTORM: 104678 // PACKETSTORM: 106765

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.6

sources: IVD: 1a544d94-2354-11e6-abef-000c29c66e3d // IVD: 5119408c-1f8a-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3471 // CNVD: CNVD-2011-4690

AFFECTED PRODUCTS

vendor:siemensmodel:simatic wincc flexiblescope:eqversion:2005

Trust: 1.1

vendor:advantechmodel:adam opc serverscope:lteversion:3.01.011

Trust: 1.0

vendor:advantechmodel:modbus rtu opc serverscope:lteversion:3.01.010

Trust: 1.0

vendor:advantechmodel:modbus tcp opc serverscope:lteversion:3.01.09

Trust: 1.0

vendor:siemensmodel:protool sp3scope:eqversion:6.0

Trust: 0.9

vendor:siemensmodel:simatic wincc flexible sp2scope:eqversion:2008

Trust: 0.9

vendor:siemensmodel:simatic wincc flexible sp1scope:eqversion:2008

Trust: 0.9

vendor:siemensmodel:simatic wincc flexiblescope:eqversion:2008

Trust: 0.9

vendor:siemensmodel:simatic wincc flexiblescope:eqversion:2007

Trust: 0.9

vendor:siemensmodel:simatic wincc flexible sp1scope:eqversion:2005

Trust: 0.9

vendor:advantechmodel:adam opc serverscope:ltversion:3.01.012

Trust: 0.8

vendor:advantechmodel:modbus rtu opc serverscope:ltversion:3.01.010

Trust: 0.8

vendor:advantechmodel:modbus tcp opc serverscope:ltversion:3.01.010

Trust: 0.8

vendor:advantechmodel:modbus tcp opc serverscope: - version: -

Trust: 0.6

vendor:advantechmodel:modbus rtu opc serverscope: - version: -

Trust: 0.6

vendor:advantechmodel:adam opc serverscope: - version: -

Trust: 0.6

vendor:advantechmodel:modbus rtu opc serverscope:eqversion:3.01.010

Trust: 0.6

vendor:advantechmodel:modbus tcp opc serverscope:eqversion:3.01.09

Trust: 0.6

vendor:advantechmodel:adam opc serverscope:eqversion:3.01.011

Trust: 0.6

vendor:advantechmodel:modbus tcp opc serverscope:eqversion:0

Trust: 0.3

vendor:advantechmodel:modbus rtu opc serverscope:eqversion:0

Trust: 0.3

vendor:advantechmodel:adam opc serverscope:eqversion:0

Trust: 0.3

vendor:advantechmodel:modbus rtu opc serverscope:neversion:3.01.010

Trust: 0.3

vendor:advantechmodel:modbus tcp opc serverscope:neversion:3.01.010

Trust: 0.3

vendor:advantechmodel:adam opc serverscope:neversion:3.01.012

Trust: 0.3

vendor:siemensmodel:simatic wincc flexiblescope:eqversion:2004

Trust: 0.3

vendor:siemensmodel:simatic wincc flexible runtimescope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic wincc runtime advancedscope:eqversion:0

Trust: 0.3

vendor:adam opc servermodel: - scope:eqversion:*

Trust: 0.2

vendor:modbus rtu opc servermodel: - scope:eqversion:*

Trust: 0.2

vendor:modbus tcp opc servermodel: - scope:eqversion:*

Trust: 0.2

vendor:siemensmodel:protool sp3scope:eqversion:6.0*

Trust: 0.2

vendor:siemensmodel:simatic wincc flexible sp2scope:eqversion:2008*

Trust: 0.2

vendor:siemensmodel:simatic wincc flexible sp1scope:eqversion:2008*

Trust: 0.2

vendor:siemensmodel:simatic wincc flexiblescope:eqversion:2008*

Trust: 0.2

vendor:siemensmodel:simatic wincc flexiblescope:eqversion:2007*

Trust: 0.2

vendor:siemensmodel:simatic wincc flexible sp1scope:eqversion:2005*

Trust: 0.2

sources: IVD: 1a544d94-2354-11e6-abef-000c29c66e3d // IVD: 5119408c-1f8a-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3471 // CNVD: CNVD-2011-4690 // BID: 50529 // BID: 49405 // BID: 49479 // JVNDB: JVNDB-2012-001544 // CNNVD: CNNVD-201111-163 // NVD: CVE-2011-1914

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-1914
value: HIGH

Trust: 1.0

NVD: CVE-2011-1914
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201111-163
value: CRITICAL

Trust: 0.6

IVD: 1a544d94-2354-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

IVD: 5119408c-1f8a-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

VULHUB: VHN-49859
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-1914
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2011-1914
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IVD: 1a544d94-2354-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 5119408c-1f8a-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

VULHUB: VHN-49859
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 1a544d94-2354-11e6-abef-000c29c66e3d // IVD: 5119408c-1f8a-11e6-abef-000c29c66e3d // VULHUB: VHN-49859 // JVNDB: JVNDB-2012-001544 // CNNVD: CNNVD-201111-163 // NVD: CVE-2011-1914

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-49859 // JVNDB: JVNDB-2012-001544 // NVD: CVE-2011-1914

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201108-546 // CNNVD: CNNVD-201111-163

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 1a544d94-2354-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201111-163

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001544

PATCH

title:OPC Serverurl:http://www.advantech.co.jp/products/OPC-Server/mod_7396B07A-5CAE-463C-947B-2EED9E3A2B79.aspx

Trust: 0.8

title:パートナー情報url:http://www.advantech.co.jp/support-AJP/distributors.asp

Trust: 0.8

title:Top Pageurl:http://www.advantech.co.jp/

Trust: 0.8

title:Patch for Siemens SIMATIC WinCC Flexible Tag Simulator Memory Corruption Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/4976

Trust: 0.6

title:Advantech ADAM OPC Server ActiveX Control Buffer Overflow Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/5790

Trust: 0.6

title:ModbusTCP OPC Server_3_01_013url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42708

Trust: 0.6

title:ADAM OPC Server_3_01_012url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42710

Trust: 0.6

title:ModbusRTU OPC Server_3_01_010url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42709

Trust: 0.6

sources: CNVD: CNVD-2011-3471 // CNVD: CNVD-2011-4690 // JVNDB: JVNDB-2012-001544 // CNNVD: CNNVD-201111-163

EXTERNAL IDS

db:NVDid:CVE-2011-1914

Trust: 3.9

db:ICS CERTid:ICSA-11-279-01

Trust: 3.5

db:BIDid:49405

Trust: 1.5

db:BIDid:50529

Trust: 1.0

db:CNNVDid:CNNVD-201111-163

Trust: 0.9

db:CNVDid:CNVD-2011-4690

Trust: 0.8

db:CNVDid:CNVD-2011-3471

Trust: 0.8

db:JVNDBid:JVNDB-2012-001544

Trust: 0.8

db:SECUNIAid:46775

Trust: 0.8

db:ICS CERTid:ICSA-11-175-02

Trust: 0.7

db:CNNVDid:CNNVD-201108-546

Trust: 0.6

db:NSFOCUSid:17671

Trust: 0.6

db:NSFOCUSid:18130

Trust: 0.6

db:BIDid:49479

Trust: 0.4

db:IVDid:1A544D94-2354-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:5119408C-1F8A-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:SECUNIAid:45770

Trust: 0.2

db:VULHUBid:VHN-49859

Trust: 0.1

db:PACKETSTORMid:104678

Trust: 0.1

db:PACKETSTORMid:106765

Trust: 0.1

sources: IVD: 1a544d94-2354-11e6-abef-000c29c66e3d // IVD: 5119408c-1f8a-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3471 // CNVD: CNVD-2011-4690 // VULHUB: VHN-49859 // BID: 50529 // BID: 49405 // BID: 49479 // JVNDB: JVNDB-2012-001544 // PACKETSTORM: 104678 // PACKETSTORM: 106765 // CNNVD: CNNVD-201108-546 // CNNVD: CNNVD-201111-163 // NVD: CVE-2011-1914

REFERENCES

url:http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf

Trust: 3.5

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1914

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1914

Trust: 0.8

url:http://www.us-cert.gov/control_systems/pdf/icsa-11-175-02.pdf

Trust: 0.7

url:http://support.automation.siemens.com/ww/llisapi.dll?func=cslib.csinfo&lang=en&objid=50182361

Trust: 0.7

url:http://www.securityfocus.com/bid/49405http

Trust: 0.6

url:http://www.securityfocus.com/bid/49405

Trust: 0.6

url:http://secunia.com/advisories/46775

Trust: 0.6

url:http://www.securityfocus.com/bid/50529

Trust: 0.6

url:http://www.nsfocus.net/vulndb/18130

Trust: 0.6

url:http://www.nsfocus.net/vulndb/17671

Trust: 0.6

url:http://webaccess.advantech.com/product.php

Trust: 0.3

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.2

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.2

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.2

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.2

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.2

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=45770

Trust: 0.1

url:http://secunia.com/advisories/45770/#comments

Trust: 0.1

url:http://secunia.com/blog/242

Trust: 0.1

url:http://secunia.com/advisories/45770/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=46775

Trust: 0.1

url:http://secunia.com/products/corporate/vim/ovum_2011_request/

Trust: 0.1

url:http://secunia.com/advisories/46775/

Trust: 0.1

url:http://secunia.com/advisories/46775/#comments

Trust: 0.1

sources: CNVD: CNVD-2011-3471 // CNVD: CNVD-2011-4690 // VULHUB: VHN-49859 // BID: 50529 // BID: 49405 // BID: 49479 // JVNDB: JVNDB-2012-001544 // PACKETSTORM: 104678 // PACKETSTORM: 106765 // CNNVD: CNNVD-201108-546 // CNNVD: CNNVD-201111-163 // NVD: CVE-2011-1914

CREDITS

CERT and ICST

Trust: 0.9

sources: BID: 50529 // CNNVD: CNNVD-201111-163

SOURCES

db:IVDid:1a544d94-2354-11e6-abef-000c29c66e3d
db:IVDid:5119408c-1f8a-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2011-3471
db:CNVDid:CNVD-2011-4690
db:VULHUBid:VHN-49859
db:BIDid:50529
db:BIDid:49405
db:BIDid:49479
db:JVNDBid:JVNDB-2012-001544
db:PACKETSTORMid:104678
db:PACKETSTORMid:106765
db:CNNVDid:CNNVD-201108-546
db:CNNVDid:CNNVD-201111-163
db:NVDid:CVE-2011-1914

LAST UPDATE DATE

2024-08-14T13:36:47.354000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2011-3471date:2011-09-02T00:00:00
db:CNVDid:CNVD-2011-4690date:2011-11-07T00:00:00
db:VULHUBid:VHN-49859date:2012-02-23T00:00:00
db:BIDid:50529date:2011-11-04T00:00:00
db:BIDid:49405date:2011-09-01T00:00:00
db:BIDid:49479date:2011-09-06T00:00:00
db:JVNDBid:JVNDB-2012-001544date:2012-02-23T00:00:00
db:CNNVDid:CNNVD-201108-546date:2011-09-05T00:00:00
db:CNNVDid:CNNVD-201111-163date:2011-11-08T00:00:00
db:NVDid:CVE-2011-1914date:2012-02-23T05:00:00

SOURCES RELEASE DATE

db:IVDid:1a544d94-2354-11e6-abef-000c29c66e3ddate:2011-11-07T00:00:00
db:IVDid:5119408c-1f8a-11e6-abef-000c29c66e3ddate:2011-09-02T00:00:00
db:CNVDid:CNVD-2011-3471date:2011-09-02T00:00:00
db:CNVDid:CNVD-2011-4690date:2011-11-07T00:00:00
db:VULHUBid:VHN-49859date:2012-02-21T00:00:00
db:BIDid:50529date:2011-11-04T00:00:00
db:BIDid:49405date:2011-09-01T00:00:00
db:BIDid:49479date:2011-09-06T00:00:00
db:JVNDBid:JVNDB-2012-001544date:2012-02-23T00:00:00
db:PACKETSTORMid:104678date:2011-09-01T12:46:24
db:PACKETSTORMid:106765date:2011-11-09T12:04:37
db:CNNVDid:CNNVD-201108-546date:1900-01-01T00:00:00
db:CNNVDid:CNNVD-201111-163date:1900-01-01T00:00:00
db:NVDid:CVE-2011-1914date:2012-02-21T13:31:55.877