VAR-201311-0451
Vulnerability from variot - Updated: 2022-05-17 02:07This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB MicroSCADA Wserver. Authentication is not required to exploit this vulnerability.The specific flaw exists within the wserver.exe component which listens on TCP port 12221. This component performs insufficient bounds checking on user-supplied data which results in stack corruption. An attacker can leverage this situation to execute code under the context of the user running the application. ABB MicroSCADA wserver.exe incorrectly filters user-submitted input, allowing remote attackers to exploit vulnerabilities to send specially crafted requests to TCP port 12221 to trigger a stack-based buffer overflow that can crash an application or execute arbitrary code. ABB MicroSCADA is a set of substation monitoring software developed by ABB in Switzerland for power transmission and distribution systems. The software includes a human-machine interface (MMI) and flexible application engineering tools, and provides functions such as monitoring, event alarms, and trend graph statistics. There is a code execution vulnerability in ABB MicroSCADA, which is caused by the program not performing boundary checks on user-submitted input
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "microscada",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "9.x"
},
{
"_id": null,
"model": "microscada",
"scope": null,
"trust": 0.7,
"vendor": "abb",
"version": null
},
{
"_id": null,
"model": "microscada sys",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "5008.4.5"
},
{
"_id": null,
"model": "microscada pro sys",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "6009.1.5"
},
{
"_id": null,
"model": "microscada pro sys fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "6009.3"
},
{
"_id": null,
"model": "microscada pro sys fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "6009.3"
},
{
"_id": null,
"model": "microscada pro sys",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "6009.3"
},
{
"_id": null,
"model": "microscada pro sys",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "6009.2"
},
{
"_id": null,
"model": "microscada pro sys",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "6009.1"
},
{
"_id": null,
"model": "microscada pro sys",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "6009.0"
},
{
"_id": null,
"model": "microscada com",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "5004.2"
},
{
"_id": null,
"model": "microscada com",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "5004.1"
}
],
"sources": [
{
"db": "IVD",
"id": "5a033b1a-1efb-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-13-268"
},
{
"db": "CNVD",
"id": "CNVD-2013-14745"
},
{
"db": "BID",
"id": "63903"
}
]
},
"credits": {
"_id": null,
"data": "Andrea Micalizzi aka rgod",
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-268"
},
{
"db": "BID",
"id": "63903"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-434"
}
],
"trust": 1.6
},
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "ZDI-13-268",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-14745",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "5a033b1a-1efb-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "ZDI",
"id": "ZDI-13-268",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-14745",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "5a033b1a-1efb-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5a033b1a-1efb-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-13-268"
},
{
"db": "CNVD",
"id": "CNVD-2013-14745"
}
]
},
"description": {
"_id": null,
"data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB MicroSCADA Wserver. Authentication is not required to exploit this vulnerability.The specific flaw exists within the wserver.exe component which listens on TCP port 12221. This component performs insufficient bounds checking on user-supplied data which results in stack corruption. An attacker can leverage this situation to execute code under the context of the user running the application. ABB MicroSCADA wserver.exe incorrectly filters user-submitted input, allowing remote attackers to exploit vulnerabilities to send specially crafted requests to TCP port 12221 to trigger a stack-based buffer overflow that can crash an application or execute arbitrary code. ABB MicroSCADA is a set of substation monitoring software developed by ABB in Switzerland for power transmission and distribution systems. The software includes a human-machine interface (MMI) and flexible application engineering tools, and provides functions such as monitoring, event alarms, and trend graph statistics. \nThere is a code execution vulnerability in ABB MicroSCADA, which is caused by the program not performing boundary checks on user-submitted input",
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-268"
},
{
"db": "CNVD",
"id": "CNVD-2013-14745"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-434"
},
{
"db": "BID",
"id": "63903"
},
{
"db": "IVD",
"id": "5a033b1a-1efb-11e6-abef-000c29c66e3d"
}
],
"trust": 2.16
},
"external_ids": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-13-268",
"trust": 1.6
},
{
"db": "BID",
"id": "63903",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2013-14745",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1772",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201311-434",
"trust": 0.6
},
{
"db": "IVD",
"id": "5A033B1A-1EFB-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "5a033b1a-1efb-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-13-268"
},
{
"db": "CNVD",
"id": "CNVD-2013-14745"
},
{
"db": "BID",
"id": "63903"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-434"
}
]
},
"id": "VAR-201311-0451",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "5a033b1a-1efb-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-14745"
}
],
"trust": 1.58571427
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "5a033b1a-1efb-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-14745"
}
]
},
"last_update_date": "2022-05-17T02:07:14.126000Z",
"patch": {
"_id": null,
"data": [
{
"title": "ABB has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://www05.abb.com/global/scot/scot229.nsf/veritydisplay/41ccfa8ccd0431e6c1257c1200395574/$file/abb_softwarevulnerabilityhandlingadvisory_abb-vu-psac-1mrs235805.pdf"
},
{
"title": "ABB MicroSCADA stack breaks patches for remote code execution vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/41342"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-268"
},
{
"db": "CNVD",
"id": "CNVD-2013-14745"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 0.9,
"url": "http://www.zerodayinitiative.com/advisories/zdi-13-268/"
},
{
"trust": 0.7,
"url": "http://www05.abb.com/global/scot/scot229.nsf/veritydisplay/41ccfa8ccd0431e6c1257c1200395574/$file/abb_softwarevulnerabilityhandlingadvisory_abb-vu-psac-1mrs235805.pdf"
},
{
"trust": 0.6,
"url": "http://www.abb.com/global/scot/scot229.nsf/veritydisplay/41ccfa8ccd0431e6c1257c1200395574/"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/63903"
},
{
"trust": 0.3,
"url": "http://www.abb.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-268"
},
{
"db": "CNVD",
"id": "CNVD-2013-14745"
},
{
"db": "BID",
"id": "63903"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-434"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "5a033b1a-1efb-11e6-abef-000c29c66e3d",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-13-268",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2013-14745",
"ident": null
},
{
"db": "BID",
"id": "63903",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201311-434",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2013-11-27T00:00:00",
"db": "IVD",
"id": "5a033b1a-1efb-11e6-abef-000c29c66e3d",
"ident": null
},
{
"date": "2013-11-24T00:00:00",
"db": "ZDI",
"id": "ZDI-13-268",
"ident": null
},
{
"date": "2013-11-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14745",
"ident": null
},
{
"date": "2013-11-24T00:00:00",
"db": "BID",
"id": "63903",
"ident": null
},
{
"date": "2013-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-434",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2013-11-24T00:00:00",
"db": "ZDI",
"id": "ZDI-13-268",
"ident": null
},
{
"date": "2013-11-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14745",
"ident": null
},
{
"date": "2013-11-24T00:00:00",
"db": "BID",
"id": "63903",
"ident": null
},
{
"date": "2013-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-434",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-434"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "ABB MicroSCADA Stack Corruption Remote Code Execution Vulnerability",
"sources": [
{
"db": "BID",
"id": "63903"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-434"
}
],
"trust": 0.9
},
"type": {
"_id": null,
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-434"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…