Details of VAR-200712-0406

ID

VAR-200712-0406

CVE

CVE-2007-4473

TITLE

Easylon OPC Server Arbitrary code execution vulnerability

Trust: 1.9

sources: IVD: 7d75b1de-463f-11e9-a03e-000c29342cb1 // IVD: 18d7792a-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2007-7002 // BID: 26876 // CNNVD: CNNVD-200712-200

DESCRIPTION

Gesytec Easylon OPC Server before 2.3.44 does not properly validate server handles, which allows remote attackers to execute arbitrary code or cause a denial of service via unspecified network traffic to the OLE for Process Control (OPC) interface, probably related to free operations on arbitrary memory addresses through certain Remove functions, and read and write operations on arbitrary memory addresses through certain Set, Read, and Write functions. Gesytec Easylon OPC Server Does not properly validate the server handle, so arbitrary code may be executed or denial of service (DoS) There is a vulnerability that will be in a state. Easylon OPC Server is a system control server software used in the field of industrial automation. This issue affects versions prior to Easylon OPC Server 2.3.44. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. The vulnerability is caused due to an error when validating server handles and can be exploited to e.g. SOLUTION: Update to version 2.3.44 or later. ftp://ftp.gesytec.de/pub/opc/ PROVIDED AND/OR DISCOVERED BY: Neutralbit ORIGINAL ADVISORY: VU#205073: http://www.kb.cert.org/vuls/id/205073 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.6

sources: NVD: CVE-2007-4473 // CERT/CC: VU#205073 // JVNDB: JVNDB-2007-002540 // CNVD: CNVD-2007-7002 // BID: 26876 // IVD: 7d75b1de-463f-11e9-a03e-000c29342cb1 // IVD: 18d7792a-2352-11e6-abef-000c29c66e3d // PACKETSTORM: 61853

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 7d75b1de-463f-11e9-a03e-000c29342cb1 // IVD: 18d7792a-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2007-7002

AFFECTED PRODUCTS

vendor:	gesytec easylon	model:	opc server	scope:	eq	version:	2.30.32	Trust: 1.6
vendor:	gesytec	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	gesytec easylon	model:	opc server	scope:	lt	version:	2.3.44	Trust: 0.8
vendor:	none	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	opc server	model:	-	scope:	eq	version:	2.30.32	Trust: 0.4
vendor:	gesytec	model:	easylon opc server	scope:	eq	version:	2.30.32	Trust: 0.3
vendor:	gesytec	model:	easylon opc server	scope:	eq	version:	2.0	Trust: 0.3
vendor:	gesytec	model:	easylon opc server	scope:	ne	version:	2.3.44	Trust: 0.3

sources: IVD: 7d75b1de-463f-11e9-a03e-000c29342cb1 // IVD: 18d7792a-2352-11e6-abef-000c29c66e3d // CERT/CC: VU#205073 // CNVD: CNVD-2007-7002 // BID: 26876 // JVNDB: JVNDB-2007-002540 // CNNVD: CNNVD-200712-200 // NVD: CVE-2007-4473

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-4473
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#205073
value:	4.50
Trust: 0.8
NVD:	CVE-2007-4473
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200712-200
value:	CRITICAL
Trust: 0.6
IVD:	7d75b1de-463f-11e9-a03e-000c29342cb1
value:	CRITICAL
Trust: 0.2
IVD:	18d7792a-2352-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2

nvd@nist.gov:	CVE-2007-4473
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	7d75b1de-463f-11e9-a03e-000c29342cb1
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	18d7792a-2352-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 7d75b1de-463f-11e9-a03e-000c29342cb1 // IVD: 18d7792a-2352-11e6-abef-000c29c66e3d // CERT/CC: VU#205073 // JVNDB: JVNDB-2007-002540 // CNNVD: CNNVD-200712-200 // NVD: CVE-2007-4473

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2007-002540 // NVD: CVE-2007-4473

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200712-200

TYPE

Buffer overflow

Trust: 1.0

sources: IVD: 7d75b1de-463f-11e9-a03e-000c29342cb1 // IVD: 18d7792a-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-200712-200

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002540

PATCH

title:

Top Page

url:

http://www.gesytec.de/

Trust: 0.8

sources: JVNDB: JVNDB-2007-002540

EXTERNAL IDS

db:	NVD	id:	CVE-2007-4473	Trust: 3.7
db:	CERT/CC	id:	VU#205073	Trust: 3.6
db:	BID	id:	26876	Trust: 1.9
db:	SECUNIA	id:	28079	Trust: 1.8
db:	OSVDB	id:	42650	Trust: 1.6
db:	CNVD	id:	CNVD-2007-7002	Trust: 1.0
db:	CNNVD	id:	CNNVD-200712-200	Trust: 1.0
db:	JVNDB	id:	JVNDB-2007-002540	Trust: 0.8
db:	XF	id:	39062	Trust: 0.6
db:	NSFOCUS	id:	11286	Trust: 0.6
db:	IVD	id:	7D75B1DE-463F-11E9-A03E-000C29342CB1	Trust: 0.2
db:	IVD	id:	18D7792A-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	PACKETSTORM	id:	61853	Trust: 0.1

sources: IVD: 7d75b1de-463f-11e9-a03e-000c29342cb1 // IVD: 18d7792a-2352-11e6-abef-000c29c66e3d // CERT/CC: VU#205073 // CNVD: CNVD-2007-7002 // BID: 26876 // JVNDB: JVNDB-2007-002540 // PACKETSTORM: 61853 // CNNVD: CNNVD-200712-200 // NVD: CVE-2007-4473

REFERENCES

url:	http://www.kb.cert.org/vuls/id/205073	Trust: 2.8
url:	http://www.neutralbit.com/en/rd/opctest/	Trust: 2.4
url:	http://www.neutralbit.com/downloads/nb-nb-001-ext-opc%20security%20testing.pdf	Trust: 1.6
url:	http://osvdb.org/42650	Trust: 1.6
url:	http://www.securityfocus.com/bid/26876	Trust: 1.6
url:	http://secunia.com/advisories/28079	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/39062	Trust: 1.0
url:	ftp://ftp.gesytec.de/pub/opc/	Trust: 0.8
url:	http://www.cpni.gov.uk/docs/re-20050223-00157.pdf	Trust: 0.8
url:	http://www.opcfoundation.org/default.aspx/01_about/01_whatis.asp?mid=aboutopc	Trust: 0.8
url:	http://en.wikipedia.org/wiki/ole_for_process_control	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4473	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4473	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/39062	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/11286	Trust: 0.6
url:	http://www.gesytec.de/	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/28079/	Trust: 0.1
url:	http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv	Trust: 0.1
url:	http://secunia.com/product/16967/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: CERT/CC: VU#205073 // BID: 26876 // JVNDB: JVNDB-2007-002540 // PACKETSTORM: 61853 // CNNVD: CNNVD-200712-200 // NVD: CVE-2007-4473

CREDITS

NeutralBit http://www.neutralbit.com/

Trust: 0.6

sources: CNNVD: CNNVD-200712-200

SOURCES

db:	IVD	id:	7d75b1de-463f-11e9-a03e-000c29342cb1
db:	IVD	id:	18d7792a-2352-11e6-abef-000c29c66e3d
db:	CERT/CC	id:	VU#205073
db:	CNVD	id:	CNVD-2007-7002
db:	BID	id:	26876
db:	JVNDB	id:	JVNDB-2007-002540
db:	PACKETSTORM	id:	61853
db:	CNNVD	id:	CNNVD-200712-200
db:	NVD	id:	CVE-2007-4473

LAST UPDATE DATE

2025-04-10T23:11:32.771000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#205073	date:	2008-01-10T00:00:00
db:	CNVD	id:	CNVD-2007-7002	date:	2007-12-14T00:00:00
db:	BID	id:	26876	date:	2007-12-17T21:01:00
db:	JVNDB	id:	JVNDB-2007-002540	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200712-200	date:	2007-12-18T00:00:00
db:	NVD	id:	CVE-2007-4473	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	IVD	id:	7d75b1de-463f-11e9-a03e-000c29342cb1	date:	2007-12-14T00:00:00
db:	IVD	id:	18d7792a-2352-11e6-abef-000c29c66e3d	date:	2007-12-14T00:00:00
db:	CERT/CC	id:	VU#205073	date:	2007-12-14T00:00:00
db:	CNVD	id:	CNVD-2007-7002	date:	2007-12-14T00:00:00
db:	BID	id:	26876	date:	2007-12-14T00:00:00
db:	JVNDB	id:	JVNDB-2007-002540	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	61853	date:	2007-12-18T00:56:59
db:	CNNVD	id:	CNNVD-200712-200	date:	2007-12-17T00:00:00
db:	NVD	id:	CVE-2007-4473	date:	2007-12-17T21:46:00