Vulnerability Note VU#337569
AREVA e-terrahabitat SCADA systems vulnerabilities
AREVA e-terrahabitat contains multiple vulnerabilities.
AREVA e-terrahabitat is a core component of the Energy Management system that provides real-time data and process management services. e-terrahabitat contains vulnerabilities, including a buffer overflow. For more information on these issues AREVA customers should review the following issues in AREVA T&D Security Bulletin - ATD-08-002:
An unauthenticated attacker may be able to gain access with the privileges of the e-terrahabitat account or an administrator account and execute arbitrary commands, or cause a vulnerable system to crash.
Limit network access to hosts that require connections to the portal. Do not allow access to the portal from untrusted networks such as the internet.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|AREVA T&D||Affected||-||03 Feb 2009|
CVSS Metrics (Learn More)
This vulnerability was reported in AREVA T&D Security Bulletin - ATD-08-002. AREVA credits Eyal Udassin and Jonathan Afek of C4, Idaho National Labs, and Department of Homeland Security Control Systems Security Program (DHS CSSP) with discovering and verifying these issues.
This document was written by Chris Taschner.
- CVE IDs: CVE-2009-0210 CVE-2009-0211 CVE-2009-0212 CVE-2009-0213 CVE-2009-0214
- Date Public: 05 Feb 2009
- Date First Published: 05 Feb 2009
- Date Last Updated: 17 Feb 2009
- Severity Metric: 0.95
- Document Revision: 25
If you have feedback, comments, or additional information about this vulnerability, please send us email.