ICS-CERT: Advantech ISSymbol ActiveX Buffer Overflow

Monday, May 21, 2012

Infosec Island Admin


This advisory is a follow-up to the original alert titled ICS-ALERT-11-131-01 - Advantech Studio ISSymbol ActiveX Control Buffer Overflow Vulnerabilities that was published May 11, 2011, on the ICS-CERT web page.

A remote attacker could exploit these vulnerabilities; publicly available exploit code is known to exist that targets these vulnerabilities.

Independent researcher Dmitriy Pletnev of Secunia has identified multiple buffer overflow vulnerabilities in the Advantech Studio product. Advantech has produced a new version that mitigates these vulnerabilities. Mr. Pletnev has tested the new version to validate that it resolves the vulnerabilities.

AFFECTED PRODUCTS

The researcher reported that these vulnerabilities affect the following versions of Advantech Studio:

• Advantech ISSymbol ActiveX Control 61.6.0.0, and
• Advantech Studio 6.1 SP6 Build 61.6.01.05.

IMPACT

Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code. Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their environment, architecture, and product implementation.

BACKGROUND

Advantech Studio is a collection of automation tools that includes components required to develop human-machine interfaces (HMIs) and supervisory control and data acquisition (SCADA) system applications that run on various Windows platforms.

According to Advantech, Advantech Studio is currently being used at nearly 2,000 installations worldwide. Advantech Studio can be used in a variety of applications including remote utility management, building automation, water and wastewater management, and factory automation.

VULNERABILITY OVERVIEW

BUFFER OVERFLOWS:  Boundary errors when processing any of four different properties can be exploited to cause buffer overflows, which in turn can allow execution of arbitrary code. CVE-2011-0340 has been assigned to these vulnerabilities.

EXPLOITABILITY:  These vulnerabilities are remotely exploitable.

EXISTENCE OF EXPLOIT:  Public exploits are known to target these vulnerabilities.

DIFFICULTY:  An attacker with a low skill level can cause a denial of service, whereas executing arbitrary code would require a more skilled attacker.

MITIGATION

Advantech recommends that users of Advantech Studio Version 6.1 and earlier versions upgrade to the new version, Advantech Studio 7.0. Customers should contact their authorized Advantech distributor or their Advantech account manager to discuss the transition plan to Advantech Studio 7.0.

Advantech further recommends that users affected by this announcement read the customer notice found at the following link:

The full ICS-CERT advisory can be found here:

Source:  http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-02.pdf
