Vulnerability Note VU#981849
Automated Solutions Modbus TCP Slave ActiveX Control Vulnerability
Automated Solutions Modbus TCP Slave ActiveX Control contains a vulnerability that may allow a remote attacker to execute arbitrary code or cause a denial-of-service.
Automated Solutions Modbus TCP Slave ActiveX Control fails to properly process malformed "Modbus" requests to TCP port 502 due to an error in "MiniHMI.exe". According to TippingPoint:
When processing malformed Modbus requests on this port a controllable heap corruption can occur which may result in execution of arbitrary code.
A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user running the MiniHMI.exe or cause a denial-of-service.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Automated Solutions||Affected||-||31 Oct 2008|
CVSS Metrics (Learn More)
This vulnerability was reported by Ganesh Devarajan of TippingPoint DVLabs.
This document was written by Chris Taschner.
- CVE IDs: CVE-2007-4827
- Date Public: 20 Sep 2007
- Date First Published: 19 Dec 2008
- Date Last Updated: 19 Dec 2008
- Severity Metric: 2.84
- Document Revision: 15
If you have feedback, comments, or additional information about this vulnerability, please send us email.