ID

VAR-201204-0097


CVE

CVE-2011-4871


TITLE

OPC Systems.NET RPC Message Remote Denial of Service Vulnerability

Trust: 0.8

sources: IVD: fba2ecde-1f84-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-4144

DESCRIPTION

Open Automation Software OPC Systems.NET before 5.0 allows remote attackers to cause a denial of service via a malformed .NET RPC packet on TCP port 58723. OPC Systems.NET is a .NET product for SCADA, HMI and production line-to-business solutions. OPC Systems.NET handles malformed .NET RPC messages with security vulnerabilities. Submitting malicious requests can cause OPCSystemsService.exe to consume a large amount of CPU, causing denial of service attacks. OPC Systems.NET is prone to a denial-of-service vulnerability. An attacker may exploit this issue to crash the affected application, denying service to legitimate users. OPC Systems.NET 4.00.0048 is vulnerable; other versions may also be affected

Trust: 2.61

sources: NVD: CVE-2011-4871 // JVNDB: JVNDB-2012-002089 // CNVD: CNVD-2011-4144 // BID: 50047 // IVD: fba2ecde-1f84-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: fba2ecde-1f84-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-4144

AFFECTED PRODUCTS

vendor:opcsystemsmodel:opcsystems.netscope:lteversion:4.0

Trust: 1.0

vendor:opcmodel:systems opc systems.netscope:eqversion:4.0.48

Trust: 0.9

vendor:open automationmodel:opc systems.netscope:ltversion:5.0

Trust: 0.8

vendor:opcsystemsmodel:opcsystems.netscope:eqversion:4.0

Trust: 0.6

vendor:opcmodel:systems opc systems.netscope:neversion:5.0

Trust: 0.3

vendor:opcsystems netmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: fba2ecde-1f84-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-4144 // BID: 50047 // JVNDB: JVNDB-2012-002089 // CNNVD: CNNVD-201204-410 // NVD: CVE-2011-4871

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4871
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-4871
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201204-410
value: MEDIUM

Trust: 0.6

IVD: fba2ecde-1f84-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2011-4871
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: fba2ecde-1f84-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: fba2ecde-1f84-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2012-002089 // CNNVD: CNNVD-201204-410 // NVD: CVE-2011-4871

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2012-002089 // NVD: CVE-2011-4871

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201204-410 // CNNVD: CNNVD-201110-214

TYPE

Input validation

Trust: 0.8

sources: IVD: fba2ecde-1f84-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201204-410

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-002089

PATCH

title:OPC SYSTEMS.NETurl:http://www.opcsystems.net/opc_systems_net.htm

Trust: 0.8

sources: JVNDB: JVNDB-2012-002089

EXTERNAL IDS

db:NVDid:CVE-2011-4871

Trust: 2.9

db:ICS CERTid:ICSA-12-012-01

Trust: 2.7

db:BIDid:50047

Trust: 1.5

db:CNVDid:CNVD-2011-4144

Trust: 0.8

db:CNNVDid:CNNVD-201204-410

Trust: 0.8

db:JVNDBid:JVNDB-2012-002089

Trust: 0.8

db:PACKETSTORMid:105663

Trust: 0.6

db:CNNVDid:CNNVD-201110-214

Trust: 0.6

db:ICS CERT ALERTid:ICS-ALERT-11-285-01

Trust: 0.3

db:IVDid:FBA2ECDE-1F84-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: fba2ecde-1f84-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-4144 // BID: 50047 // JVNDB: JVNDB-2012-002089 // CNNVD: CNNVD-201204-410 // CNNVD: CNNVD-201110-214 // NVD: CVE-2011-4871

REFERENCES

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-012-01.pdf

Trust: 2.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4871

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4871

Trust: 0.8

url:http://packetstormsecurity.org/files/105663/opc-systems.net-4.00.0048-denial-of-service.html

Trust: 0.6

url:http://www.securityfocus.com/bid/50047

Trust: 0.6

url:http://www.opcsystems.com/opc_systems_net.htm

Trust: 0.3

url:http://www.us-cert.gov/control_systems/pdf/ics-alert-11-285-01.pdf

Trust: 0.3

sources: CNVD: CNVD-2011-4144 // BID: 50047 // JVNDB: JVNDB-2012-002089 // CNNVD: CNNVD-201204-410 // CNNVD: CNNVD-201110-214 // NVD: CVE-2011-4871

CREDITS

Luigi Auriemma

Trust: 0.9

sources: BID: 50047 // CNNVD: CNNVD-201110-214

SOURCES

db:IVDid:fba2ecde-1f84-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2011-4144
db:BIDid:50047
db:JVNDBid:JVNDB-2012-002089
db:CNNVDid:CNNVD-201204-410
db:CNNVDid:CNNVD-201110-214
db:NVDid:CVE-2011-4871

LAST UPDATE DATE

2024-08-14T15:14:12.310000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2011-4144date:2011-10-12T00:00:00
db:BIDid:50047date:2012-01-27T16:30:00
db:JVNDBid:JVNDB-2012-002089date:2012-04-19T00:00:00
db:CNNVDid:CNNVD-201204-410date:2012-04-19T00:00:00
db:CNNVDid:CNNVD-201110-214date:2011-10-18T00:00:00
db:NVDid:CVE-2011-4871date:2012-04-20T04:00:00

SOURCES RELEASE DATE

db:IVDid:fba2ecde-1f84-11e6-abef-000c29c66e3ddate:2011-10-12T00:00:00
db:CNVDid:CNVD-2011-4144date:2011-10-12T00:00:00
db:BIDid:50047date:2011-10-11T00:00:00
db:JVNDBid:JVNDB-2012-002089date:2012-04-19T00:00:00
db:CNNVDid:CNNVD-201204-410date:2012-04-19T00:00:00
db:CNNVDid:CNNVD-201110-214date:1900-01-01T00:00:00
db:NVDid:CVE-2011-4871date:2012-04-18T10:33:31.107