search menu icon-carat-right cmu-wordmark

CERT Coordination Center


IntelliCom NetBiter Config HICP hostname buffer overflow

Vulnerability Note VU#181737

Original Release Date: 2010-03-24 | Last Revised: 2010-03-26

Overview

The IntelliCom NetBiter Config HICP configuration utility has a buffer overflow vulnerability that can be triggered by a specially crafted hostname (hn) value. An attacker with network access could exploit this vulnerability to execute arbitrary code with the privileges of the user running NetBiter Config.

Description

IntelliCom NetBiter devices are based on HMS Anybus technology. The HMS HICP protocol (3250/udp) provides a way to configure network settings for NetBiter and possibly other Anybus-based devices. The NetBiter Config HICP configuration utility (NetbiterConfig.exe) has a buffer overflow vulnerability that can be triggered by a specially crafted hostname (hn) value. Further details are available in the original post by Rubén Santamarta.

Impact

An attacker with network access could exploit this vulnerability to execute arbitrary code with the privileges of the user running NetBiter Config.

Solution

Upgrade

This vulnerability is addressed in NetBiter Config version 1.3.1. Please see IntelliCom Security Bulletin ISFR-4404-0007.


Restrict access

Restrict access to SCADA, DCS, and other control system networks.

Vendor Information

181737
Expand all

IntelliCom Innovation AB

Updated:  March 19, 2010

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Please see IntelliCom Security Bulletin ISFR-4404-0007.

Vendor References

http://support.intellicom.se/news.cfm?NWID=33 http://support.intellicom.se/getfile.cfm?FID=150

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

This information was published by Rubén Santamarta.

This document was written by Art Manion.

Other Information

CVE IDs: CVE-2009-4462
Severity Metric: 0.48
Date Public: 2009-12-12
Date First Published: 2010-03-24
Date Last Updated: 2010-03-26 17:54 UTC
Document Revision: 19

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.