ID

VAR-200801-0249


CVE

CVE-2008-0176


TITLE

GE-Fanuc CIMPLICITY w32rtr.exe Remote Heap Overflow Vulnerability

Trust: 1.0

sources: IVD: 067d2766-2352-11e6-abef-000c29c66e3d // IVD: 7d7ae201-463f-11e9-819f-000c29342cb1 // CNVD: CNVD-2008-0434

DESCRIPTION

Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 010708_162517_6106, allows remote attackers to execute arbitrary code via unknown vectors.

GE Fanuc CIMPLICITY HMI contains a heap buffer overflow vulnerability. GE Fanuc CIMPLICITY HMI is a product used for monitoring and controlling production information systems. The CIMPLICITY network service process (w32rtr.exe) contains a heap buffer overflow vulnerability on both the server and the client. An attacker could exploit this vulnerability by sending crafted packets to a CIMPLICITY HMI system. A remote attacker may execute arbitrary code or cause a denial of service (DoS).

GE Fanuc CIMPLICITY has a vulnerability in processing malformed requests. Remote attackers could use this vulnerability to control servers. An attacker can exploit this issue to execute arbitrary code or cause denial-of-service conditions. Versions prior to CIMPLICITY 7.0 SIM 9 are vulnerable.

----------------------------------------------------------------------

TITLE: Proficy HMI/SCADA - CIMPLICITY w32rtr.exe Packet Processing Buffer Overflow
SECUNIA ADVISORY ID: SA28663
VERIFY ADVISORY: http://secunia.com/advisories/28663/
CRITICAL: Moderately critical
IMPACT: DoS, System access
WHERE: From local network
SOFTWARE:
Proficy HMI/SCADA - CIMPLICITY 6.x http://secunia.com/product/11105/
Proficy HMI/SCADA - CIMPLICITY 7.x http://secunia.com/product/17337/
DESCRIPTION: Eyal Udassin has reported a vulnerability in Proficy HMI/SCADA - CIMPLICITY, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. The vulnerability is caused due to a boundary error in w32rtr.exe when processing packets and can be exploited to cause a heap-based buffer overflow by sending a specially-crafted packet to default port 32000/TCP. The vulnerability is reported in version 6.1.
SOLUTION: Apply hotfixes. Please see the vendor's advisory for details.
* CIMPLICITY 6.1 SP6 Hot Fix - 010708_162517_6106
* CIMPLICITY 7.0 SIM 9
PROVIDED AND/OR DISCOVERED BY: Eyal Udassin, C4 Security
ORIGINAL ADVISORY:
GE Fanuc (KB12458): http://support.gefanuc.com/support/index?page=kbchannel&id=KB12458
C4 Security (via BugTraq): http://archives.neohapsis.com/archives/bugtraq/2008-01/0372.html
OTHER REFERENCES:
US-CERT VU#308556: http://www.kb.cert.org/vuls/id/308556

----------------------------------------------------------------------

Background
-----------------
Vendor product information: CIMPLICITY is a powerful and technically advanced HMI/SCADA product. With its open system design approach, true client/server architecture, and the latest web technologies, CIMPLICITY allows you to realize the benefits of digitization for the collection, monitoring, supervisory control and sharing of critical process and production data throughout your operations. CIMPLICITY has been used in all industries -- from process to discrete, to system monitoring. It is extremely well suited for discrete applications, and handles very large amounts of digital signals and alarm bursts. Its advanced Client/Server architecture makes it easy to start small and expand your system.

The description of the vulnerability is intentionally limited as this software controls critical national infrastructure.

Impact
----------
An attacker can compromise the Cimplicity 6.1 control server, and each of the operator workstations.

Workaround/Fix
-----------------------
The vendor issued a hotfix to resolve this vulnerability.

Additional Information
-------------------------------
For additional information please contact us at info@c4-security.com. Note that we will respond only to verified utility personnel and governmental agencies. The CVE identifier assigned to this vulnerability by CERT is CVE-2008-0176.

Credit
--------
This vulnerability was discovered and exploited by Gilad Bakas and Eyal Udassin of C4.

Regards,
Eyal Udassin - C4 (Formerly Swift Coders)
33 Jabotinsky St. The Twin Towers #1, Ramat Gan, Israel
eyal.udassin@c4-security.com / http://www.c4-security.com/
+972-547-684989

Trust: 3.69

sources: NVD: CVE-2008-0176 // CERT/CC: VU#308556 // JVNDB: JVNDB-2008-001054 // CNVD: CNVD-2008-0434 // BID: 27447 // IVD: 067d2766-2352-11e6-abef-000c29c66e3d // IVD: 7d7ae201-463f-11e9-819f-000c29342cb1 // PACKETSTORM: 63057 // PACKETSTORM: 63004

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 1.0

sources: IVD: 067d2766-2352-11e6-abef-000c29c66e3d // IVD: 7d7ae201-463f-11e9-819f-000c29342cb1 // CNVD: CNVD-2008-0434

AFFECTED PRODUCTS

vendor: ge fanuc // model: cimplicity // scope: lte // version: 7.0_sim8

Trust: 1.0

vendor: ge fanuc // model: cimplicity // scope: lte // version: 6.1_sp6_hf_010708_162517_6106

Trust: 1.0

vendor: cimplicity // model: - // scope: eq // version: *

Trust: 0.8

vendor: ge fanuc // model: - // scope: - // version: -

Trust: 0.8

vendor: ge fanuc // model: cimplicity // scope: lte // version: 7.0

Trust: 0.8

vendor: none // model: - // scope: - // version: -

Trust: 0.6

vendor: ge fanuc // model: cimplicity // scope: eq // version: 6.1_sp6_hf_010708_162517_6106

Trust: 0.6

vendor: ge fanuc // model: cimplicity // scope: eq // version: 7.0_sim8

Trust: 0.6

vendor: ge // model: fanuc cimplicity sim8 // scope: eq // version: 7.0

Trust: 0.3

vendor: ge // model: fanuc cimplicity sim7 // scope: eq // version: 7.0

Trust: 0.3

vendor: ge // model: fanuc cimplicity sp6 // scope: eq // version: 6.1

Trust: 0.3

vendor: ge // model: fanuc cimplicity sp5 // scope: eq // version: 6.1

Trust: 0.3

vendor: ge // model: fanuc cimplicity // scope: eq // version: 6.1

Trust: 0.3

vendor: ge // model: fanuc cimplicity // scope: eq // version: 6.0

Trust: 0.3

vendor: ge // model: fanuc cimplicity // scope: eq // version: 0

Trust: 0.3

vendor: ge // model: fanuc cimplicity sim9 // scope: ne // version: 7.0

Trust: 0.3

sources: IVD: 067d2766-2352-11e6-abef-000c29c66e3d // IVD: 7d7ae201-463f-11e9-819f-000c29342cb1 // CERT/CC: VU#308556 // CNVD: CNVD-2008-0434 // BID: 27447 // JVNDB: JVNDB-2008-001054 // CNNVD: CNNVD-200801-410 // NVD: CVE-2008-0176

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-0176
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#308556
value: 3.01

Trust: 0.8

NVD: CVE-2008-0176
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200801-410
value: CRITICAL

Trust: 0.6

IVD: 067d2766-2352-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

IVD: 7d7ae201-463f-11e9-819f-000c29342cb1
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2008-0176
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 067d2766-2352-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 7d7ae201-463f-11e9-819f-000c29342cb1
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 067d2766-2352-11e6-abef-000c29c66e3d // IVD: 7d7ae201-463f-11e9-819f-000c29342cb1 // CERT/CC: VU#308556 // JVNDB: JVNDB-2008-001054 // CNNVD: CNNVD-200801-410 // NVD: CVE-2008-0176

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2008-001054 // NVD: CVE-2008-0176

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200801-410

TYPE

Buffer overflow

Trust: 1.0

sources: IVD: 067d2766-2352-11e6-abef-000c29c66e3d // IVD: 7d7ae201-463f-11e9-819f-000c29342cb1 // CNNVD: CNNVD-200801-410

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-001054

PATCH

title: Securing Your HMI/SCADA Systems // url: http://www.gefanuc.com/as_en/gefanuc/resource_center/hmi_scada/hmiscada_security.html

Trust: 0.8

title: KB12458 // url: http://support.gefanuc.com/support/index?page=kbchannel&id=KB12458

Trust: 0.8

sources: JVNDB: JVNDB-2008-001054

EXTERNAL IDS

db: NVD // id: CVE-2008-0176

Trust: 3.8

db: CERT/CC // id: VU#308556

Trust: 3.0

db: BID // id: 27447

Trust: 2.7

db: SECUNIA // id: 28663

Trust: 2.6

db: SECTRACK // id: 1019275

Trust: 2.4

db: VUPEN // id: ADV-2008-0306

Trust: 1.6

db: SREASON // id: 3592

Trust: 1.6

db: CNVD // id: CNVD-2008-0434

Trust: 1.0

db: CNNVD // id: CNNVD-200801-410

Trust: 1.0

db: JVNDB // id: JVNDB-2008-001054

Trust: 0.8

db: BUGTRAQ // id: 20080125 C4 SECURITY ADVISORY - GE FANUC CIMPLICITY 6.1 HEAP OVERFLOW

Trust: 0.6

db: BUGTRAQ // id: 20080129 RE: C4 SECURITY ADVISORY - GE FANUC CIMPLICITY 6.1 HEAP OVERFLOW

Trust: 0.6

db: IVD // id: 067D2766-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD // id: 7D7AE201-463F-11E9-819F-000C29342CB1

Trust: 0.2

db: PACKETSTORM // id: 63057

Trust: 0.1

db: PACKETSTORM // id: 63004

Trust: 0.1

sources: IVD: 067d2766-2352-11e6-abef-000c29c66e3d // IVD: 7d7ae201-463f-11e9-819f-000c29342cb1 // CERT/CC: VU#308556 // CNVD: CNVD-2008-0434 // BID: 27447 // JVNDB: JVNDB-2008-001054 // PACKETSTORM: 63057 // PACKETSTORM: 63004 // CNNVD: CNNVD-200801-410 // NVD: CVE-2008-0176

REFERENCES

url:http://support.gefanuc.com/support/index?page=kbchannel&id=kb12458

Trust: 2.8

url:http://secunia.com/advisories/28663

Trust: 2.4

url:http://www.securityfocus.com/bid/27447

Trust: 2.4

url:http://www.securitytracker.com/id?1019275

Trust: 2.4

url:http://www.kb.cert.org/vuls/id/308556

Trust: 2.2

url:http://securityreason.com/securityalert/3592

Trust: 1.6

url:http://www.frsirt.com/english/advisories/2008/0306

Trust: 1.4

url:http://www.vupen.com/english/advisories/2008/0306

Trust: 1.0

url:http://www.securityfocus.com/archive/1/487076/100/0/threaded

Trust: 1.0

url:http://www.securityfocus.com/archive/1/487241/100/0/threaded

Trust: 1.0

url:http://www.securityfocus.com/archive/1/487076/30/0/threaded

Trust: 0.8

url:http://www.gefanuc.com/as_en/gefanuc/resource_center/hmi_scada/hmiscada_security.html

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0176

Trust: 0.8

url:http://jvn.jp/cert/jvnvu%23308556/index.html

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0176

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/487076/100/0/threaded

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/487241/100/0/threaded

Trust: 0.6

url:http://www.gefanuc.com/as_en/products_solutions/hmi_scada/products/proficy_cimplicity.html

Trust: 0.3

url:/archive/1/487076

Trust: 0.3

url:/archive/1/487241

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:https://psi.secunia.com/?page=changelog

Trust: 0.1

url:https://psi.secunia.com/

Trust: 0.1

url:http://secunia.com/product/11105/

Trust: 0.1

url:http://secunia.com/advisories/28663/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/17337/

Trust: 0.1

url:http://archives.neohapsis.com/archives/bugtraq/2008-01/0372.html

Trust: 0.1

url:http://www.c4-security.com/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-0176

Trust: 0.1

sources: CERT/CC: VU#308556 // BID: 27447 // JVNDB: JVNDB-2008-001054 // PACKETSTORM: 63057 // PACKETSTORM: 63004 // CNNVD: CNNVD-200801-410 // NVD: CVE-2008-0176

CREDITS

Douglas A. Stewart of CERT as well as Gilad Bakas and Eyal Udassin of C4 are credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 27447 // CNNVD: CNNVD-200801-410

SOURCES

db: IVD // id: 067d2766-2352-11e6-abef-000c29c66e3d
db: IVD // id: 7d7ae201-463f-11e9-819f-000c29342cb1
db: CERT/CC // id: VU#308556
db: CNVD // id: CNVD-2008-0434
db: BID // id: 27447
db: JVNDB // id: JVNDB-2008-001054
db: PACKETSTORM // id: 63057
db: PACKETSTORM // id: 63004
db: CNNVD // id: CNNVD-200801-410
db: NVD // id: CVE-2008-0176

LAST UPDATE DATE

2025-04-10T23:16:41.721000+00:00


SOURCES UPDATE DATE

db: CERT/CC // id: VU#308556 // date: 2008-01-25T00:00:00
db: CNVD // id: CNVD-2008-0434 // date: 2008-01-24T00:00:00
db: BID // id: 27447 // date: 2008-01-29T16:27:00
db: JVNDB // id: JVNDB-2008-001054 // date: 2008-02-07T00:00:00
db: CNNVD // id: CNNVD-200801-410 // date: 2008-09-05T00:00:00
db: NVD // id: CVE-2008-0176 // date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: IVD // id: 067d2766-2352-11e6-abef-000c29c66e3d // date: 2008-01-24T00:00:00
db: IVD // id: 7d7ae201-463f-11e9-819f-000c29342cb1 // date: 2008-01-24T00:00:00
db: CERT/CC // id: VU#308556 // date: 2008-01-25T00:00:00
db: CNVD // id: CNVD-2008-0434 // date: 2008-01-24T00:00:00
db: BID // id: 27447 // date: 2008-01-24T00:00:00
db: JVNDB // id: JVNDB-2008-001054 // date: 2008-02-07T00:00:00
db: PACKETSTORM // id: 63057 // date: 2008-01-29T00:00:58
db: PACKETSTORM // id: 63004 // date: 2008-01-26T00:10:20
db: CNNVD // id: CNNVD-200801-410 // date: 2008-01-28T00:00:00
db: NVD // id: CVE-2008-0176 // date: 2008-01-29T02:00:00