Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3322

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2011-3322
Last Modified 13 Feb 2012 11:08:30
Published 15 Sep 2011 01:58:42
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-3322

Summary

Core Server HMI Service (Coreservice.exe) in Scadatec Limited Procyon SCADA 1.06, and other versions before 1.14, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password to the Telnet (TCP/23) port, which triggers an out-of-bounds read or write, leading to a stack-based buffer overflow.

Vulnerable Systems

Application

  • Scadatec Procyon Scada 1.06

  • Scadatec Procyon Scada 1.13


References

MISC - http://www.uscert.gov/control_systems/pdf/ICSA-11-216-01.pdf

XF - procyon-telnet-bo(69632)

MISC - http://www.stratsec.net/Research/Advisories/Procyon-Core-Server-HMI-Remote-Stack-Overflow

BID - 49480

EXPLOIT-DB - 17827

SECUNIA - 45866

OSVDB - 75371

SREASON - 8374


Last Updated: 27 May 2016 10:57:25