Gesytec Easylon OPC Server fails to properly validate OPC server handles

From SCADApedia



Vulnerability

Gesytec's Easylon OPC Server fails to properly validate OPC server handles. An attacker could leverage this vulnerability to arbitrarily read and write the process memory and execute code remotely. The vulnerability is due to the Easylon OPC Server failing to validate calls to the OPC Data Access Interface for the following methods:

IOPCSyncIO::Read

IOPCSyncIO::Write

IOPCServer::AddGroup

IOPCServer::RemoveGroup

IOPCCommon::SetClientName

IOPCGroupStateMgt::CloneGroup

This vulnerability was discovered by the team at Neutralbit.
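The defect class described above is a server that trusts the handle value a client hands back on later calls (Read, Write, RemoveGroup, CloneGroup and so on) and uses it directly to reach memory. The C example below is added here to illustrate the defensive pattern and is not Gesytec's code: handles are opaque integers that index a server-side table and carry a generation tag, and every entry point resolves the handle through one validating lookup before touching anything. The table size, the group structure and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative server-side group table (assumed layout, not Gesytec's). */
#define MAX_GROUPS 16

typedef struct {
    char name[32];
    int  update_rate_ms;
} opc_group;

typedef struct {
    opc_group *ptr;        /* NULL while the slot is free */
    uint16_t   generation; /* bumped on every release; never 0 while live */
} group_slot;

static group_slot table[MAX_GROUPS];

/* A handle packs (generation << 16 | index); 0 is never a valid handle.
 * The client only ever sees this integer. It is not a pointer, so a
 * client-supplied value cannot name an arbitrary address in the process. */
static uint32_t make_handle(uint32_t idx)
{
    return ((uint32_t)table[idx].generation << 16) | idx;
}

/* The single validating lookup that every entry point goes through.
 * Rejects out-of-range indices, free slots and stale generations. */
opc_group *lookup_group(uint32_t handle)
{
    uint32_t idx = handle & 0xFFFFu;
    uint16_t gen = (uint16_t)(handle >> 16);
    if (gen == 0 || idx >= MAX_GROUPS) return NULL;
    if (table[idx].ptr == NULL || table[idx].generation != gen) return NULL;
    return table[idx].ptr;
}

/* IOPCServer::AddGroup analogue: returns a handle, or 0 on failure. */
uint32_t add_group(const char *name, int update_rate_ms)
{
    for (uint32_t i = 0; i < MAX_GROUPS; i++) {
        if (table[i].ptr != NULL) continue;
        opc_group *g = calloc(1, sizeof *g);
        if (g == NULL) return 0;
        strncpy(g->name, name, sizeof g->name - 1);
        g->update_rate_ms = update_rate_ms;
        if (table[i].generation == 0) table[i].generation = 1;
        table[i].ptr = g;
        return make_handle(i);
    }
    return 0; /* table full */
}

/* IOPCServer::RemoveGroup analogue: 0 on success, -1 for a bad handle.
 * Bumping the generation makes every outstanding copy of the handle stale,
 * so a second RemoveGroup with the same value is refused instead of freeing twice. */
int remove_group(uint32_t handle)
{
    opc_group *g = lookup_group(handle);
    if (g == NULL) return -1;
    uint32_t idx = handle & 0xFFFFu;
    free(g);
    table[idx].ptr = NULL;
    table[idx].generation++;
    if (table[idx].generation == 0) table[idx].generation = 1; /* skip 0 on wrap */
    return 0;
}

/* Read analogue over the group's metadata: -1 for a bad handle, 0 otherwise. */
int read_group_rate(uint32_t handle, int *rate_out)
{
    opc_group *g = lookup_group(handle);
    if (g == NULL) return -1;
    *rate_out = g->update_rate_ms;
    return 0;
}

int main(void)
{
    uint32_t h = add_group("telemetry", 500);
    int rate = 0;
    printf("read via live handle:  %d\n", read_group_rate(h, &rate));
    remove_group(h);
    printf("read via stale handle: %d\n", read_group_rate(h, &rate));
    printf("read via bogus handle: %d\n", read_group_rate(0xDEADBEEFu, &rate));
    return 0;
}
```

The point of the generation tag is that a handle released by RemoveGroup cannot be replayed against whatever object later occupies the same slot; without it, bounds checking alone would still let a stale handle reach a live object.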

Affected Systems

Gesytec Easylon OPC Server prior to Version 2.30.44

Impact

An attacker could read and write the process memory of a Gesytec Easylon OPC Server. This would allow the attacker to execute code remotely on the system with the privileges of the user running the Gesytec Easylon OPC Server.

An attacker may monitor the memory and learn about the application. The attacker could then alter data that is displayed to the user or data being transmitted to or from other systems.

Detection

Refer to the product’s version number to determine if the software is vulnerable.
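A version check is only reliable if each dotted component is compared numerically: a plain string comparison ranks "2.30.5" above "2.30.44" and would report an affected build as fixed. The C function below is added here as an example and is not a Gesytec tool; it parses a dotted version string and reports it against the first fixed version the advisory names, 2.30.44. The function names are assumptions, and any string it cannot parse is reported as unknown rather than as fixed. Obtaining the version string from the installed product is outside the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* First fixed release named in the advisory: anything below it is affected. */
static const int FIXED_VERSION[3] = {2, 30, 44};

/* Parse "major.minor.build" into out[3]; absent trailing components are 0.
 * Returns 0 on success, -1 for anything that is not a plain dotted number
 * (empty, non-digit, more than three components, trailing text). */
int parse_version(const char *s, int out[3])
{
    int n = 0;
    const char *p = s;
    out[0] = out[1] = out[2] = 0;
    for (;;) {
        if (!isdigit((unsigned char)*p)) return -1;
        char *end;
        long v = strtol(p, &end, 10);
        if (v > 65535) return -1;          /* reject absurd component values */
        out[n++] = (int)v;
        p = end;
        if (*p == '\0') return 0;
        if (*p != '.' || n == 3) return -1; /* trailing text or a 4th component */
        p++;
    }
}

/* Component-wise numeric comparison: -1, 0 or 1. */
int compare_version(const int a[3], const int b[3])
{
    for (int i = 0; i < 3; i++)
        if (a[i] != b[i]) return a[i] < b[i] ? -1 : 1;
    return 0;
}

/* 1 = affected (prior to 2.30.44), 0 = fixed, -1 = version string not understood. */
int easylon_is_vulnerable(const char *version)
{
    int v[3];
    if (parse_version(version, v) != 0) return -1;
    return compare_version(v, FIXED_VERSION) < 0 ? 1 : 0;
}

int main(int argc, char **argv)
{
    /* Constructed sample strings; pass a real version as argv[1] instead. */
    const char *samples[] = {"2.30.43", "2.30.44", "2.30.5", "2.31", "2.30.44-rc"};
    size_t count = sizeof samples / sizeof samples[0];
    if (argc > 1) {
        printf("%s -> %d\n", argv[1], easylon_is_vulnerable(argv[1]));
        return 0;
    }
    for (size_t i = 0; i < count; i++)
        printf("%-12s -> %d\n", samples[i], easylon_is_vulnerable(samples[i]));
    return 0;
}
```

Treating an unparseable string as unknown (-1) rather than as fixed keeps the check fail-closed: a build with a vendor suffix or an unexpected format gets flagged for manual review instead of silently passing.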

Remediation

Gesytec has addressed the vulnerability. Upgrade to Easylon OPC Server Version 2.30.44 or newer.

Restrict remote access to the system running the Easylon OPC Server. Access can be restricted by network and system firewalls or by using private networks.

External Links

US-CERT Vulnerability Note 205073

FTP Site for Gesytec Easylon OPC Servers

Neutralbit's Security Advisories
