SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#190617

LiveData ICCP Server heap buffer overflow vulnerability

Overview

LiveData ICCP Server contains a heap-based buffer overflow. This vulnerability may allow a remote attacker to crash the server.

I. Description

Inter-Control Center Communications Protocol (ICCP)

According to the LiveData ICCP Server white paper:

    The Inter-Control Center Communications Protocol (ICCP) is being specified by utility organizations throughout the world to provide data exchange over wide area networks (WANs) between utility control centers, utilities, power pools, regional control centers, and Non-Utility Generators. ICCP is also an international standard: International Electrotechnical Commission (IEC) Telecontrol Application Service Element 2 (TASE.2).
ISO Transport Service over TCP (TPKT, RFC 1006)

RFC 1006 specifies how to run the OSI transport protocol on top of TCP/IP. In the layered protocol model, RFC 1006 is situated between the TCP and OSI transport layers.

LiveData ICCP Server and LiveData Server

LiveData ICCP Server records and transmits data to other control points in process control networks. According to the LiveData ICCP Server white paper:
    The LiveData ICCP Server is based on LiveData's standard off-the-shelf software product, LiveData Server, which features a rich set of integration methods that can be easily applied to new and existing SCADA/EMS/DCS systems.
The Problem

The LiveData implementation of RFC 1006 is vulnerable to a heap-based buffer overflow. By sending a specially crafted packet to a vulnerable LiveData RFC 1006 implementation, a remote attacker may be able to trigger the overflow.

II. Impact

This vulnerability may allow a remote, unauthenticated attacker to crash a LiveData ICCP Server.

III. Solution

Upgrade

This issue is corrected in LiveData ICCP Server version 5.00.035.

Systems Affected

VendorStatusDate NotifiedDate Updated
Advanced Control Systems, IncUnknown24-May-2006
BarcoUnknown25-May-2006
EliopUnknown8-May-2006
GEA-IndiaUnknown8-May-2006
HitachiUnknown21-Jun-2006
Invensys Process SystemsVulnerable26-Jun-2006
LiveData Inc.Vulnerable22-Sep-2008
LogicaCMGUnknown8-May-2006
Radio Control Central Stations, Inc.Unknown24-May-2006
SPL Worldgroup, Inc.Unknown8-May-2006
S&C Electric CompanyUnknown8-May-2006
TelventVulnerable22-Aug-2006
TelventUnknown22-Aug-2006

References


http://livedata.com/utilities.html
http://www.ietf.org/rfc/rfc1006.txt
http://www.ietf.org/rfc/rfc2126.txt
http://www.livedata.com/docs/LiveData_ICCP_Server.pdf
http://secunia.com/advisories/20146/

Credit

Thanks to Matt Franz of Digital Bond Inc. for reporting this vulnerability. Information used in this document came from LiveData.

This document was written by Jeff Gennari.

Other Information

Date Public:2006-05-16
Date First Published:2006-05-16
Date Last Updated:2008-09-22
CERT Advisory: 
CVE-ID(s):CVE-2006-0059
NVD-ID(s):CVE-2006-0059
US-CERT Technical Alerts: 
Metric:7.93
Document Revision:126

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2006 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader