ID

VAR-201109-0224


CVE

CVE-2011-3322


TITLE

Scadatec Procyon Telnet Service Remote Buffer Overflow Vulnerability

Trust: 1.1

sources: IVD: a5df9c2e-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3547 // BID: 49480

DESCRIPTION

Core Server HMI Service (Coreservice.exe) in Scadatec Limited Procyon SCADA 1.06, and other versions before 1.14, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password to the Telnet (TCP/23) port, which triggers an out-of-bounds read or write, leading to a stack-based buffer overflow. Scadatec Procyon is an HMI/SCADA software. A failed attack attempt could result in a denial of service. Scadatec Procyon is prone to a remote buffer-overflow vulnerability. Versions prior to Procyon 1.14 are vulnerable.

----------------------------------------------------------------------

TITLE: Procyon SCADA Core Service Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA45866

VERIFY ADVISORY: http://secunia.com/advisories/45866/

RELEASE DATE: 2011-09-09

DESCRIPTION: A vulnerability has been discovered in Procyon SCADA, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the Core service (Coreservice.exe) when handling "LOGON" requests. This can be exploited to cause a stack-based buffer overflow via an overly long string sent to TCP port 23. Successful exploitation allows execution of arbitrary code with SYSTEM privileges. The vulnerability is confirmed in version 1.06.

SOLUTION: Update to version 1.14.

PROVIDED AND/OR DISCOVERED BY: Knud Højgaard, nSense via ICS-CERT and Steven Seeley, stratsec.

ORIGINAL ADVISORY:
ICS-CERT: http://www.uscert.gov/control_systems/pdf/ICSA-11-216-01.pdf
stratsec: http://www.stratsec.net/Research/Advisories/Procyon-Core-Server-HMI-Remote-Stack-Overflow

Trust: 2.7

sources: NVD: CVE-2011-3322 // JVNDB: JVNDB-2011-002223 // CNVD: CNVD-2011-3547 // BID: 49480 // IVD: a5df9c2e-2354-11e6-abef-000c29c66e3d // PACKETSTORM: 104919

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: a5df9c2e-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3547

AFFECTED PRODUCTS

vendor: scadatec, model: procyon scada, scope: eq, version: 1.06

Trust: 2.4

vendor: scadatec, model: procyon scada, scope: eq, version: 1.13

Trust: 1.6

vendor: scadatec, model: procyon, scope: eq, version: 1.13

Trust: 0.9

vendor: scadatec, model: procyon scada, scope: lt, version: 1.14

Trust: 0.8

vendor: scadatec, model: procyon, scope: ne, version: 1.14

Trust: 0.3

vendor: procyon scada, model: -, scope: eq, version: 1.06

Trust: 0.2

vendor: procyon scada, model: -, scope: eq, version: 1.13

Trust: 0.2

sources: IVD: a5df9c2e-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3547 // BID: 49480 // JVNDB: JVNDB-2011-002223 // CNNVD: CNNVD-201109-086 // NVD: CVE-2011-3322

CVSS

SEVERITY

nvd@nist.gov: CVE-2011-3322
value: HIGH

Trust: 1.0

NVD: CVE-2011-3322
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201109-086
value: CRITICAL

Trust: 0.6

IVD: a5df9c2e-2354-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

CVSSV2

nvd@nist.gov: CVE-2011-3322
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: a5df9c2e-2354-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: a5df9c2e-2354-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2011-002223 // CNNVD: CNNVD-201109-086 // NVD: CVE-2011-3322

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2011-002223 // NVD: CVE-2011-3322

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201109-086

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: a5df9c2e-2354-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201109-086

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-002223

PATCH

title: Procyon HMI/SCADA Products, url: http://www.scadatec.co.uk/procyon_products.html

Trust: 0.8

title: Patch for Scadatec Procyon Telnet Service Remote Buffer Overflow Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/5011

Trust: 0.6

sources: CNVD: CNVD-2011-3547 // JVNDB: JVNDB-2011-002223

EXTERNAL IDS

db: NVD, id: CVE-2011-3322

Trust: 3.5

db: BID, id: 49480

Trust: 3.3

db: ICS CERT, id: ICSA-11-216-01

Trust: 2.8

db: SECUNIA, id: 45866

Trust: 2.6

db: OSVDB, id: 75371

Trust: 2.4

db: EXPLOIT-DB, id: 17827

Trust: 1.6

db: XF, id: 69632

Trust: 1.4

db: SREASON, id: 8374

Trust: 1.0

db: CNVD, id: CNVD-2011-3547

Trust: 0.8

db: CNNVD, id: CNNVD-201109-086

Trust: 0.8

db: JVNDB, id: JVNDB-2011-002223

Trust: 0.8

db: NSFOCUS, id: 17693

Trust: 0.6

db: NSFOCUS, id: 17670

Trust: 0.6

db: HTTP://WWW.USCERT.GOV/CONTROL_SYSTEMS/PDF/ICSA-11-216-01.PDF, id: HTTP://WWW.USCERT.GOV/CONTROL_SYSTEMS/PDF/ICSA-11-216-01.PDF

Trust: 0.6

db: IVD, id: A5DF9C2E-2354-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: PACKETSTORM, id: 104919

Trust: 0.1

sources: IVD: a5df9c2e-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3547 // BID: 49480 // JVNDB: JVNDB-2011-002223 // PACKETSTORM: 104919 // CNNVD: CNNVD-201109-086 // NVD: CVE-2011-3322

REFERENCES

url:http://osvdb.org/75371

Trust: 2.4

url:http://secunia.com/advisories/45866

Trust: 2.4

url:http://www.securityfocus.com/bid/49480

Trust: 2.4

url:http://www.stratsec.net/research/advisories/procyon-core-server-hmi-remote-stack-overflow

Trust: 1.7

url:http://www.uscert.gov/control_systems/pdf/icsa-11-216-01.pdf

Trust: 1.7

url:http://www.exploit-db.com/exploits/17827

Trust: 1.6

url:http://xforce.iss.net/xforce/xfdb/69632

Trust: 1.4

url:http://www.us-cert.gov/control_systems/pdf/icsa-11-216-01.pdf

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/69632

Trust: 1.0

url:http://securityreason.com/securityalert/8374

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3322

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3322

Trust: 0.8

url:http://www.securityfocus.com/bid/49480/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/17693

Trust: 0.6

url:http://www.nsfocus.net/vulndb/17670

Trust: 0.6

url:http://www.scadatec.co.uk/procyon_products.html

Trust: 0.3

url:http://secunia.com/advisories/45866/

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/blog/242

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=45866

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/45866/#comments

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2011-3547 // BID: 49480 // JVNDB: JVNDB-2011-002223 // PACKETSTORM: 104919 // CNNVD: CNNVD-201109-086 // NVD: CVE-2011-3322

CREDITS

Knud Højgaard

Trust: 0.6

sources: CNNVD: CNNVD-201109-086

SOURCES

db: IVD, id: a5df9c2e-2354-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2011-3547
db: BID, id: 49480
db: JVNDB, id: JVNDB-2011-002223
db: PACKETSTORM, id: 104919
db: CNNVD, id: CNNVD-201109-086
db: NVD, id: CVE-2011-3322

LAST UPDATE DATE

2025-04-11T23:10:49.790000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2011-3547, date: 2011-09-07T00:00:00
db: BID, id: 49480, date: 2013-04-02T15:47:00
db: JVNDB, id: JVNDB-2011-002223, date: 2011-09-21T00:00:00
db: CNNVD, id: CNNVD-201109-086, date: 2011-09-16T00:00:00
db: NVD, id: CVE-2011-3322, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: IVD, id: a5df9c2e-2354-11e6-abef-000c29c66e3d, date: 2011-09-07T00:00:00
db: CNVD, id: CNVD-2011-3547, date: 2011-09-07T00:00:00
db: BID, id: 49480, date: 2011-09-06T00:00:00
db: JVNDB, id: JVNDB-2011-002223, date: 2011-09-21T00:00:00
db: PACKETSTORM, id: 104919, date: 2011-09-08T08:14:53
db: CNNVD, id: CNNVD-201109-086, date: 2011-09-09T00:00:00
db: NVD, id: CVE-2011-3322, date: 2011-09-15T17:58:42.403