|
|
|
Vulnerability Note VU#926551Takebishi Electric DeviceXPlorer OPC Server fails to properly validate OPC server handlesOverviewThe Takebishi Electric DeviceXPlorer OPC server contains a vulnerability that may allow a remote attacker to execute arbitary code or cause a denial-of-service.I. DescriptionOLE for Process Control (OPC) is a specification for a standard set of OLE COM objects for use in the process control and manufacturing fields. OPC servers are often used in control systems to consolidate field and network device information.The Takebishi Electric DeviceXPlorer OPC Server fails to properly validate server handles. This vulnerability may be triggered by an attacker with access to the server's OPC interface.
II. ImpactAn attacker with access to the Takebishi Electric DeviceXPlorer OPC Server may be able to arbitrarily access server process memory, potentially allowing that attacker to execute arbitrary code or cause a denial-of-service.III. SolutionUpgradeTakebishi has released DeviceXPlorer OPC Server V3.12 Build3 to address this vulnerability. Refer to Takebishi's Security Notice for DeviceXPlorer OPC Server for more information.
References
This vulnerability was reported by NeutralBit. This document was written by Jeff Gennari based on information from NeutralBit and Takebishi.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||