AREVA e-terrahabitat contains multiple vulnerabilities.
AREVA e-terrahabitat is a core component of the Energy Management system that provides real-time data and process management services. e-terrahabitat contains vulnerabilities, including a buffer overflow. For more information on these issues AREVA customers should review the following issues in AREVA T&D Security Bulletin - ATD-08-002:
An unauthenticated attacker may be able to gain access with the privileges of the e-terrahabitat account or an administrator account and execute arbitrary commands, or cause a vulnerable system to crash.
This vulnerability was reported in AREVA T&D Security Bulletin - ATD-08-002 . AREVA credits Eyal Udassin and Jonathan Afek of C4, Idaho National Labs, and Department of Homeland Security Control Systems Security Program (DHS CSSP) with discovering and verifying these issues.