Vulnerability Note VU#981849
Automated Solutions Modbus TCP Slave ActiveX Control Vulnerability
Automated Solutions Modbus TCP Slave ActiveX Control contains a vulnerability that may allow a remote attacker to execute arbitrary code or cause a denial-of-service.
Automated Solutions Modbus TCP Slave ActiveX Control fails to properly process malformed "Modbus" requests to TCP port 502 due to an error in "MiniHMI.exe". According to TippingPoint:
When processing malformed Modbus requests on this port a controllable heap corruption can occur which may result in execution of arbitrary code.
A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user running the MiniHMI.exe or cause a denial-of-service.
Automated Solutions has addressed this issue with an update. OEMs who suspect they use an affected version of the Automated Solutions Modbus TCP Slave ActiveX Control should contact Automated Solutions for more information. A link to an executable is available via TippingPoint, however, the nature of this executable is not known and clicking on unknown executables is not advisable.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Automated Solutions||Affected||-||31 Oct 2008|
CVSS Metrics (Learn More)
This vulnerability was reported by Ganesh Devarajan of TippingPoint DVLabs.
This document was written by Chris Taschner.
- CVE IDs: CVE-2007-4827
- Date Public: 20 Sep 2007
- Date First Published: 19 Dec 2008
- Date Last Updated: 19 Dec 2008
- Severity Metric: 2.84
- Document Revision: 15
If you have feedback, comments, or additional information about this vulnerability, please send us email.