Vulnerability Note VU#190617

LiveData ICCP Server heap buffer overflow vulnerability

Original Release date: 16 May 2006 | Last revised: 22 Sep 2008

Overview

LiveData ICCP Server contains a heap-based buffer overflow. This vulnerability may allow a remote attacker to crash the server.

Description

Inter-Control Center Communications Protocol (ICCP)

According to the LiveData ICCP Server white paper:

    The Inter-Control Center Communications Protocol (ICCP) is being specified by utility organizations throughout the world to provide data exchange over wide area networks (WANs) between utility control centers, utilities, power pools, regional control centers, and Non-Utility Generators. ICCP is also an international standard: International Electrotechnical Commission (IEC) Telecontrol Application Service Element 2 (TASE.2).

ISO Transport Service over TCP (TPKT, RFC 1006)

RFC 1006 specifies how to run the OSI transport protocol on top of TCP/IP. In the layered protocol model, RFC 1006 is situated between the TCP and OSI transport layers.

LiveData ICCP Server and LiveData Server

LiveData ICCP Server records and transmits data to other control points in process control networks. According to the LiveData ICCP Server white paper:

    The LiveData ICCP Server is based on LiveData's standard off-the-shelf software product, LiveData Server, which features a rich set of integration methods that can be easily applied to new and existing SCADA/EMS/DCS systems.

The Problem

The LiveData implementation of RFC 1006 is vulnerable to a heap-based buffer overflow. By sending a specially crafted packet to a vulnerable LiveData RFC 1006 implementation, a remote attacker may be able to trigger the overflow.
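The advisory does not describe the malformed field, so the following is an added example (not LiveData's code) of the length validation any RFC 1006 receiver needs before copying a TPDU into a fixed heap or stack buffer. The function name, return codes, sample frames and the MAX_TPDU limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TPKT_HDR_LEN 4u    /* version, reserved, 16-bit length (RFC 1006) */
#define TPKT_VERSION 3u
#define MAX_TPDU     2048u /* assumed local receive limit, not from the advisory */

enum tpkt_rc { TPKT_OK, TPKT_NEED_MORE, TPKT_BAD_VERSION,
               TPKT_BAD_LENGTH, TPKT_TOO_LARGE };

/* Copy one TPDU out of a TCP receive buffer into out[MAX_TPDU].
 * Every length taken from the wire is checked before it sizes a copy. */
enum tpkt_rc tpkt_extract(const uint8_t *rx, size_t avail,
                          uint8_t out[MAX_TPDU], size_t *out_len)
{
    if (avail < TPKT_HDR_LEN)
        return TPKT_NEED_MORE;                    /* header not complete yet */
    if (rx[0] != TPKT_VERSION)
        return TPKT_BAD_VERSION;
    size_t total = ((size_t)rx[2] << 8) | rx[3];  /* big-endian, includes header */
    if (total < TPKT_HDR_LEN)
        return TPKT_BAD_LENGTH;                   /* total - header would wrap */
    size_t tpdu_len = total - TPKT_HDR_LEN;
    if (tpdu_len > MAX_TPDU)
        return TPKT_TOO_LARGE;                    /* would overrun the destination */
    if (avail < total)
        return TPKT_NEED_MORE;                    /* never read past received bytes */
    memcpy(out, rx + TPKT_HDR_LEN, tpdu_len);
    *out_len = tpdu_len;
    return TPKT_OK;
}

/* Constructed sample frames: valid, undersized length, oversized, truncated. */
static const uint8_t frame_ok[]    = { 3, 0, 0x00, 0x07, 0x02, 0xF0, 0x80 };
static const uint8_t frame_short[] = { 3, 0, 0x00, 0x02 };
static const uint8_t frame_huge[]  = { 3, 0, 0xFF, 0xFF, 0x00 };
static const uint8_t frame_trunc[] = { 3, 0, 0x00, 0x10, 0x02, 0xF0 };

int main(void)
{
    uint8_t out[MAX_TPDU];
    size_t n = 0;
    int ok = tpkt_extract(frame_ok, sizeof frame_ok, out, &n) == TPKT_OK && n == 3
          && tpkt_extract(frame_short, sizeof frame_short, out, &n) == TPKT_BAD_LENGTH
          && tpkt_extract(frame_huge, sizeof frame_huge, out, &n) == TPKT_TOO_LARGE
          && tpkt_extract(frame_trunc, sizeof frame_trunc, out, &n) == TPKT_NEED_MORE;
    return ok ? 0 : 1;
}
```

A receiver that treats anything other than TPKT_OK or TPKT_NEED_MORE as a reason to close the connection fails safely on malformed framing.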

Impact

This vulnerability may allow a remote, unauthenticated attacker to crash a LiveData ICCP Server.

Solution

Upgrade
This issue is corrected in LiveData ICCP Server version 5.00.035.

Systems Affected

Vendor                                Status    Date Notified  Date Updated
Invensys Process Systems              Affected  08 May 2006    26 Jun 2006
LiveData Inc.                         Affected  23 Feb 2006    22 Sep 2008
Telvent                               Affected  08 May 2006    22 Aug 2006
Advanced Control Systems, Inc         Unknown   08 May 2006    24 May 2006
Barco                                 Unknown   08 May 2006    25 May 2006
Eliop                                 Unknown   08 May 2006    08 May 2006
GEA-India                             Unknown   08 May 2006    08 May 2006
Hitachi                               Unknown   21 Jun 2006    21 Jun 2006
LogicaCMG                             Unknown   08 May 2006    08 May 2006
Radio Control Central Stations, Inc.  Unknown   08 May 2006    24 May 2006
SPL Worldgroup, Inc.                  Unknown   08 May 2006    08 May 2006
S&C Electric Company                  Unknown   08 May 2006    08 May 2006
Telvent                               Unknown   22 Aug 2006    22 Aug 2006

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

Credit

Thanks to Matt Franz of Digital Bond Inc. for reporting this vulnerability. Information used in this document came from LiveData.

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: CVE-2006-0059
  • Date Public: 16 May 2006
  • Date First Published: 16 May 2006
  • Date Last Updated: 22 Sep 2008
  • Severity Metric: 7.93
  • Document Revision: 126
