11 February 2013
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2013.0018 A vulnerability has been identified in IntegraXor SCADA Server 11 February 2013 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: IntegraXor SCADA Server Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2012-4700 Member content until: Wednesday, March 13 2013 OVERVIEW A vulnerability has been identified in IntegraXor SCADA Server prior to version 4.0 build 4250.0.  IMPACT The vendor has provided the following description regarding this vulnerability: "Security researcher Andrew Brooks have reported a vulnerability that may occur when a specially crafted HTML document is opened with ActiveX enabled browser, typically Microsoft I.E.. Successful exploitation may crash the said browser. This attack has no impact on IntegraXor SCADA server itself."  ICS-CERT have also provided the following impact: "The vulnerability originates from buffer overflows in the PE3DO32A.ocx service component and can occur in multiple locations of the module. An attacker would need to create a specially crafted Web page or file with an ActiveX component for the client to open. This could allow an attacker to cause a crash or to execute arbitrary code."  MITIGATION The vendor recommends updating to the latest version of the IntegraXor SCADA Server application. "IGX developers have taken proactive step to patch the reported vulnerability immediately on the next day, and has been included in latest Release which can be obtained at this link: http://www.integraxor.com/download/beta.msi?4.00.4283. All previous release before build 4283 will have this vulnerability impact. Please download and use this build or any future release to fix this ActiveX enabled browser vulnerability."  REFERENCES  Security Issue for ActiveX enabled browser Vulnerability Note http://www.integraxor.com/blog/security-issue-for-activex-enabled-browser-vulnerability-note  PE3DO32A.OCX BUFFER OVERFLOW http://ics-cert.us-cert.gov/pdf/ICSA-13-036-02.pdf AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: firstname.lastname@example.org Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBURh49u4yVqjM2NGpAQJXSw/+OiV5/+w9F1iLBlJ+bumUbIl/+GoG6s6Q Xk5+QPd8m++8yX0FljJR7IWy0UpGCo9ISqwnCoXksRToaZii7JfF98uaQKTmQAPW AOmUNEygSpd1RnnvPqWwwSKFaVT9C4kuC8zdoxu1QAStQpbozW/F3D8/kyIPR5Hq sPb69oc8IFkMHpOmEXGW22/Uxyd9XeqVgbgoLE0kGEyBYaIQbGga4+Yv/GmtQUOs 0OsqC0mvHpD11oDKMWXNxKZMkuPi7L0TozXdGi3J21oPXu563L4hd1wAxDOsLFaE Nyn3EHD8KJ6qqsfnuruxvrAxUqncEkWIZJ4i+25Nw+06NCp4XUX2ikpQ8z1oDDtn kCWD92m14LxHhPi66EhwEzHZvV/eqwLsAkhWyq7qmSnjdSZEGOYmPDCQRoGfbxg9 Yu3DopSPuXRlTHCovYZ+VFU03vO6qbJKdarPDEp+Pd7H/pF/QRWw1mmdJRER15na jBBMzdOvP3LSGud4IVo9PF/NSdOZBrmuJA4IIYMDhFJwt78ERoDq8twQS9G0TrcE rWJsLnZTbrhnKUvUz5fdV2vA24RX2c1PaBzfF0whRoHzAF9vKuxLGUQffVoxIBVU TOc15auIqO3bE1rijDBIITuKxDGY178VTM4EmjGn2pvN+UPPs9P9jY1n0QqONhqD ioKPK6VhrSY= =kjSC -----END PGP SIGNATURE-----