New SCADA Vulnerabilities in OPC Servers

Published: 2007-03-23
Last Updated: 2007-03-23 19:12:34 UTC
by John Bambenek (Version: 1)
Last night, 6 e-mails hit the Bugtraq list detailing vulnerabilities in OPC (OLE for Process Control) servers made by Takebishi Electric (vuln 1, vuln 2, vuln 3, vuln 4, vuln 5) and NETxAUTOMATION (vuln 1). The CVE entries are CVE-2007-1319 (for Takebishi) and CVE-2007-1313 (for NETxAUTOMATION).

OPC servers are used in SCADA systems (power grid, water system, etc.) to consolidate network device information. These vulnerabilities allow remote access to memory and could be used for remote code execution. Authentication would be bypassed, and an attacker could potentially take complete control of the OPC server. Because of the kind of applications OPC servers are used in, these vulnerabilities are important to remediate.

In all 6 cases, the vendor has updates available for users to upgrade to. The vulnerabilities were found during an OPC server assessment by Neutralbit for one of their customers. At present, there is no known exploit code in the wild.

If you are running either of these two vendors in your environment, you should upgrade immediately.
John Bambenek  bambenek /at/
University of Illinois at Urbana-Champaign