Takebishi DeviceXPlorer OPC Server fails to properly validate OPC server handles

From SCADApedia

Vulnerability

Takebishi’s DeviceXPlorer OPC Server fails to properly validate OPC server handles. The server does not validate calls to the IOPCServer::RemoveGroup method of the OPC Data Access interface. An attacker could leverage this vulnerability to arbitrarily read and write the server's process memory and execute code remotely.

This vulnerability was discovered by the team at Neutralbit.

Affected Systems

DeviceXPlorer MELSEC OPC Server V3.11 Build6 and earlier

DeviceXPlorer MELSEC OPC Server V3.12 Build1

DeviceXPlorer MELSEC OPC Server V3.12 Build2

DeviceXPlorer SYSMAC OPC Server V3.11 Build6 and earlier

DeviceXPlorer SYSMAC OPC Server V3.12 Build1

DeviceXPlorer SYSMAC OPC Server V3.12 Build2

DeviceXPlorer FA-M3 OPC Server V3.11 Build6 and earlier

DeviceXPlorer FA-M3 OPC Server V3.12 Build1

DeviceXPlorer FA-M3 OPC Server V3.12 Build2

DeviceXPlorer TOYOPUC OPC Server V3.11 Build6 and earlier

DeviceXPlorer TOYOPUC OPC Server V3.12 Build1

DeviceXPlorer TOYOPUC OPC Server V3.12 Build2

DeviceXPlorer HIDIC OPC Server V3.11 Build6 and earlier

DeviceXPlorer HIDIC OPC Server V3.12 Build1

DeviceXPlorer HIDIC OPC Server V3.12 Build2

DeviceXPlorer MODBUS OPC Server V3.11 Build6 and earlier

DeviceXPlorer MODBUS OPC Server V3.12 Build1

DeviceXPlorer MODBUS OPC Server V3.12 Build2

Impact

An attacker could read and write the process memory of a DeviceXPlorer OPC Server. This would allow the attacker to execute code remotely on the system with the privileges of the user running the DeviceXPlorer OPC Server.

An attacker may monitor the memory and learn about the application. The attacker could then alter data that is displayed to the user or data being transmitted to or from other systems.

Detection

Refer to the product’s version number to determine if the software is vulnerable.
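
The version check above can be run over an asset inventory. The following is an added example, not part of the original advisory or any Takebishi tooling: it assumes inventory strings follow the naming used under Affected Systems, treats the V3.11 Build6 entry as covering Build6 and all earlier builds, and assumes builds after V3.12 Build 3 retain the fix. Host names and sample strings are constructed.

```python
import re

# Product families and version bounds taken from "Affected Systems" and "Remediation".
FAMILIES = {"MELSEC", "SYSMAC", "FA-M3", "TOYOPUC", "HIDIC", "MODBUS"}
LAST_OLD_AFFECTED = (3, 11, 6)           # assumption: Build6 and every earlier build
AFFECTED_312 = {(3, 12, 1), (3, 12, 2)}  # V3.12 Build1 and Build2
FIXED_FROM = (3, 12, 3)                  # assumption: later builds keep the fix

PATTERN = re.compile(
    r"DeviceXPlorer\s+(?P<family>[A-Z0-9-]+)\s+OPC\s+Server\s+"
    r"V(?P<major>\d+)\.(?P<minor>\d+)\s+Build\s*(?P<build>\d+)",
    re.IGNORECASE,
)

def classify(product_string):
    """Return (family, version, status) for one inventory string."""
    m = PATTERN.search(product_string)
    if not m:
        return (None, None, "unparsed")
    family = m.group("family").upper()
    version = (int(m.group("major")), int(m.group("minor")), int(m.group("build")))
    if family not in FAMILIES:
        status = "unlisted-family"   # product line not named in the advisory
    elif version <= LAST_OLD_AFFECTED or version in AFFECTED_312:
        status = "vulnerable"
    elif version >= FIXED_FROM:
        status = "fixed"
    else:
        status = "unknown"           # e.g. a V3.11 build after Build6: not covered
    return (family, version, status)

def triage(inventory):
    """Map each host to its classification; inventory is {host: product string}."""
    return {host: classify(text) for host, text in inventory.items()}

# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = {
    "opc-line1": "DeviceXPlorer MELSEC OPC Server V3.12 Build2",
    "opc-line2": "DeviceXPlorer FA-M3 OPC Server V3.12 Build 3",
    "opc-line3": "DeviceXPlorer MODBUS OPC Server V3.11 Build7",
    "opc-line4": "DeviceXPlorer HIDIC OPC Server V3.10 Build4",
}

if __name__ == "__main__":
    for host, (family, version, status) in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {family} {version} -> {status}")
```

Hosts reported as "unknown" or "unparsed" need a manual check against the vendor's security notice rather than being assumed safe.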

Remediation

Takebishi has addressed the vulnerability. Upgrade to DeviceXPlorer OPC Server V3.12 Build 3 and refer to Takebishi’s security notice regarding this vulnerability.

Restrict remote access to the system running the DeviceXPlorer OPC Server. Access can be restricted by network and system firewalls or by using private networks.

External Links

US-CERT Vulnerability Note 926551

Takebishi’s DeviceXPlorer OPC Vulnerability Security Notice

Neutralbit's Security Advisories