Date: 11 February 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2013.0018
A vulnerability has been identified in IntegraXor SCADA Server
11 February 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: IntegraXor SCADA Server
Operating System: Windows
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2012-4700
Member content until: Wednesday, March 13 2013
OVERVIEW
A vulnerability has been identified in IntegraXor SCADA Server prior
to version 4.0 build 4250.0. [1]
IMPACT
The vendor has provided the following description regarding this
vulnerability:
"Security researcher Andrew Brooks has reported a vulnerability that
may occur when a specially crafted HTML document is opened with an
ActiveX enabled browser, typically Microsoft I.E. Successful
exploitation may crash the said browser. This attack has no impact on
the IntegraXor SCADA server itself." [1]
ICS-CERT has also provided the following impact description:
"The vulnerability originates from buffer overflows in the PE3DO32A.ocx
service component and can occur in multiple locations of the module. An
attacker would need to create a specially crafted Web page or file with
an ActiveX component for the client to open. This could allow an
attacker to cause a crash or to execute arbitrary code." [2]
MITIGATION
The vendor recommends updating to the latest version of the IntegraXor
SCADA Server application. Note that the vendor statement quoted below
names build 4283 as the fixed release, whereas the OVERVIEW cites build
4250.0; deploy build 4283 or later. Because the flaw lies in an ActiveX
control that the browser loads, every workstation on which the control
is registered (operator and engineering clients, not only the server
host) should be updated.
"IGX developers have taken a proactive step to patch the reported
vulnerability immediately on the next day, and it has been included in
the latest release which can be obtained at this link:
http://www.integraxor.com/download/beta.msi?4.00.4283.
All previous releases before build 4283 will have this vulnerability
impact. Please download and use this build or any future release to fix
this ActiveX enabled browser vulnerability." [1]
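The following PowerShell script is an added example for verifying the mitigation; it is not code from AusCERT, ICS-CERT or the vendor. It locates every CLSID on a Windows host whose in-process server is the PE3DO32A.ocx control named by ICS-CERT, compares the file version it finds against the vendor's fixed build (4.00.4283, taken from the download link above), and, with the -SetKillBit switch, applies the Internet Explorer kill bit to unpatched registrations as an interim measure. Two assumptions are made that the bulletin does not state: that the control is registered as an ordinary in-process COM server under HKCR\CLSID (or HKCR\Wow6432Node\CLSID for a 32-bit control on 64-bit Windows), and that the OCX's file version tracks the product build the vendor quotes. No CLSID is hard-coded; it is discovered from the registry. The kill bit goes beyond the vendor's advice (which is simply to upgrade) and also blocks legitimate browser use of the control, so use that switch only where that trade-off is acceptable.

```powershell
param([switch]$SetKillBit)

# Added example (not from AusCERT, ICS-CERT or the vendor): audit a Windows host
# for the PE3DO32A.ocx ActiveX control named in ICSA-13-036-02, compare its file
# version with the vendor's fixed build 4.00.4283, and optionally set the IE kill bit.
# Assumption: the OCX file version follows the product build quoted by the vendor.

$Target     = 'PE3DO32A.ocx'
$FixedBuild = [version]'4.0.4283.0'   # from the vendor download link ?4.00.4283

# 1. Discover every CLSID whose InprocServer32 default value points at the OCX.
#    64-bit Windows keeps 32-bit COM registrations under Wow6432Node, so scan both.
$clsidRoots = @('Registry::HKEY_CLASSES_ROOT\CLSID',
                'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID')
$hits = foreach ($root in $clsidRoots) {
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $srv = Get-ItemProperty -Path "$($key.PSPath)\InprocServer32" -ErrorAction SilentlyContinue
        if ($srv -and $srv.'(default)' -like "*$Target") {
            [pscustomobject]@{ Clsid = $key.PSChildName; Server = $srv.'(default)' }
        }
    }
}

if (-not $hits) {
    Write-Output "$Target is not registered as a COM server on this host; nothing to do."
    return
}

# 2. Compare the installed file version with the vendor's fixed build.
foreach ($h in $hits) {
    $path = [Environment]::ExpandEnvironmentVariables($h.Server.Trim('"'))
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output "$($h.Clsid): registered at $path but the file is missing (stale registration)."
        continue
    }
    $vi  = (Get-Item -LiteralPath $path).VersionInfo
    $ver = New-Object System.Version($vi.FileMajorPart, $vi.FileMinorPart,
                                     $vi.FileBuildPart, $vi.FilePrivatePart)
    $state = if ($ver -lt $FixedBuild) { 'VULNERABLE (older than build 4283)' } else { 'patched or newer' }
    Write-Output "$($h.Clsid): $path version $ver -> $state"

    # 3. Optional interim mitigation: the IE kill bit (Compatibility Flags = 0x400)
    #    stops Internet Explorer from instantiating the control. This is not the
    #    vendor's recommendation; the fix is to install build 4283 or later.
    if ($SetKillBit -and $ver -lt $FixedBuild) {
        $killKeys = @("HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$($h.Clsid)")
        if ([Environment]::Is64BitOperatingSystem) {
            # 32-bit IE on 64-bit Windows reads the Wow6432Node view of this key.
            $killKeys += "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$($h.Clsid)"
        }
        foreach ($k in $killKeys) {
            New-Item -Path $k -Force | Out-Null
            New-ItemProperty -Path $k -Name 'Compatibility Flags' -PropertyType DWord -Value 0x400 -Force | Out-Null
            Write-Output "  kill bit set under $k"
        }
    }
}
```

Run the script from an elevated PowerShell session on each host that has the IntegraXor client or server installed; writing the kill bit requires administrative rights, while the audit alone does not. Re-run it after installing build 4283 to confirm the registered file now reports a version at or above the fixed build.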
REFERENCES
[1] Security Issue for ActiveX enabled browser Vulnerability Note
http://www.integraxor.com/blog/security-issue-for-activex-enabled-browser-vulnerability-note
[2] PE3DO32A.OCX BUFFER OVERFLOW
http://ics-cert.us-cert.gov/pdf/ICSA-13-036-02.pdf
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----