Telvent Information for VU#190617

LiveData ICCP Server heap buffer overflow vulnerability

Status

Affected

Vendor Statement

Telvent is committed to ensuring the security of all of our customers and to addressing any potential vulnerabilities associated with our products, or third-party products we have integrated or deployed alongside our products. All customers affected by the LiveData VU#190617 vulnerability have been contacted directly.

Situation:

Telvent has deployed a very limited number of systems utilizing the LiveData Live RTI Server product, only one of which was found to operate the vulnerable version of the application. This system had not yet entered operation and an upgrade to a non-vulnerable version of the LiveData software was performed at the factory. Testing was performed to ensure that no adverse affects resulted from this upgrade.

Any future deployments of the LiveData Live RTI Server software will be performed using software versions which are not subject to this vulnerability. No Telvent product lines are directly affected by this vulnerability and only those customers who have also requested the deployment of the LiveData Live RTI Server faced possible impact. No Telvent product lines or deployed systems remain affected by this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.