AREVA e-terrahabitat contains multiple vulnerabilities.
AREVA e-terrahabitat is a core component of the Energy Management system that provides real-time data and process management services. e-terrahabitat contains vulnerabilities, including a buffer overflow. For more information on these issues AREVA customers should review the following issues in AREVA T&D Security Bulletin - ATD-08-002:
An unauthenticated attacker may be able to gain access with the privileges of the e-terrahabitat account or an administrator account and execute arbitrary commands, or cause a vulnerable system to crash.
This vulnerability was reported in AREVA T&D Security Bulletin - ATD-08-002 . AREVA credits Eyal Udassin and Jonathan Afek of C4, Idaho National Labs, and Department of Homeland Security Control Systems Security Program (DHS CSSP) with discovering and verifying these issues.
This document was written by Chris Taschner.