Details of VAR-201311-0451

ID

VAR-201311-0451

TITLE

ABB MicroSCADA Stack Corruption Remote Code Execution Vulnerability

Trust: 0.9

sources: BID: 63903 // CNNVD: CNNVD-201311-434

DESCRIPTION

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB MicroSCADA Wserver. Authentication is not required to exploit this vulnerability.The specific flaw exists within the wserver.exe component which listens on TCP port 12221. This component performs insufficient bounds checking on user-supplied data which results in stack corruption. An attacker can leverage this situation to execute code under the context of the user running the application. ABB MicroSCADA wserver.exe incorrectly filters user-submitted input, allowing remote attackers to exploit vulnerabilities to send specially crafted requests to TCP port 12221 to trigger a stack-based buffer overflow that can crash an application or execute arbitrary code. ABB MicroSCADA is a set of substation monitoring software developed by ABB in Switzerland for power transmission and distribution systems. The software includes a human-machine interface (MMI) and flexible application engineering tools, and provides functions such as monitoring, event alarms, and trend graph statistics. There is a code execution vulnerability in ABB MicroSCADA, which is caused by the program not performing boundary checks on user-submitted input

Trust: 2.16

sources: ZDI: ZDI-13-268 // CNVD: CNVD-2013-14745 // CNNVD: CNNVD-201311-434 // BID: 63903 // IVD: 5a033b1a-1efb-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 5a033b1a-1efb-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14745

AFFECTED PRODUCTS

vendor:	abb	model:	microscada	scope:	eq	version:	9.x	Trust: 0.8
vendor:	abb	model:	microscada	scope:	-	version:	-	Trust: 0.7
vendor:	abb	model:	microscada sys	scope:	eq	version:	5008.4.5	Trust: 0.3
vendor:	abb	model:	microscada pro sys	scope:	eq	version:	6009.1.5	Trust: 0.3
vendor:	abb	model:	microscada pro sys fp2	scope:	eq	version:	6009.3	Trust: 0.3
vendor:	abb	model:	microscada pro sys fp1	scope:	eq	version:	6009.3	Trust: 0.3
vendor:	abb	model:	microscada pro sys	scope:	eq	version:	6009.3	Trust: 0.3
vendor:	abb	model:	microscada pro sys	scope:	eq	version:	6009.2	Trust: 0.3
vendor:	abb	model:	microscada pro sys	scope:	eq	version:	6009.1	Trust: 0.3
vendor:	abb	model:	microscada pro sys	scope:	eq	version:	6009.0	Trust: 0.3
vendor:	abb	model:	microscada com	scope:	eq	version:	5004.2	Trust: 0.3
vendor:	abb	model:	microscada com	scope:	eq	version:	5004.1	Trust: 0.3

sources: IVD: 5a033b1a-1efb-11e6-abef-000c29c66e3d // ZDI: ZDI-13-268 // CNVD: CNVD-2013-14745 // BID: 63903

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	ZDI-13-268
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2013-14745
value:	HIGH
Trust: 0.6
IVD:	5a033b1a-1efb-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2

ZDI:	ZDI-13-268
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2013-14745
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	5a033b1a-1efb-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 5a033b1a-1efb-11e6-abef-000c29c66e3d // ZDI: ZDI-13-268 // CNVD: CNVD-2013-14745

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201311-434

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201311-434

PATCH

title:	ABB has issued an update to correct this vulnerability.	url:	http://www05.abb.com/global/scot/scot229.nsf/veritydisplay/41ccfa8ccd0431e6c1257c1200395574/$file/abb_softwarevulnerabilityhandlingadvisory_abb-vu-psac-1mrs235805.pdf	Trust: 0.7
title:	ABB MicroSCADA stack breaks patches for remote code execution vulnerabilities	url:	https://www.cnvd.org.cn/patchinfo/show/41342	Trust: 0.6

sources: ZDI: ZDI-13-268 // CNVD: CNVD-2013-14745

EXTERNAL IDS

db:	ZDI	id:	ZDI-13-268	Trust: 1.6
db:	BID	id:	63903	Trust: 1.5
db:	CNVD	id:	CNVD-2013-14745	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-1772	Trust: 0.7
db:	CNNVD	id:	CNNVD-201311-434	Trust: 0.6
db:	IVD	id:	5A033B1A-1EFB-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 5a033b1a-1efb-11e6-abef-000c29c66e3d // ZDI: ZDI-13-268 // CNVD: CNVD-2013-14745 // BID: 63903 // CNNVD: CNNVD-201311-434

REFERENCES

url:	http://www.zerodayinitiative.com/advisories/zdi-13-268/	Trust: 0.9
url:	http://www05.abb.com/global/scot/scot229.nsf/veritydisplay/41ccfa8ccd0431e6c1257c1200395574/$file/abb_softwarevulnerabilityhandlingadvisory_abb-vu-psac-1mrs235805.pdf	Trust: 0.7
url:	http://www.abb.com/global/scot/scot229.nsf/veritydisplay/41ccfa8ccd0431e6c1257c1200395574/	Trust: 0.6
url:	http://www.securityfocus.com/bid/63903	Trust: 0.6
url:	http://www.abb.com/	Trust: 0.3

sources: ZDI: ZDI-13-268 // CNVD: CNVD-2013-14745 // BID: 63903 // CNNVD: CNNVD-201311-434

CREDITS

Andrea Micalizzi aka rgod

Trust: 1.6

sources: ZDI: ZDI-13-268 // BID: 63903 // CNNVD: CNNVD-201311-434

SOURCES

db:	IVD	id:	5a033b1a-1efb-11e6-abef-000c29c66e3d
db:	ZDI	id:	ZDI-13-268
db:	CNVD	id:	CNVD-2013-14745
db:	BID	id:	63903
db:	CNNVD	id:	CNNVD-201311-434

LAST UPDATE DATE

2022-05-17T02:07:14.126000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-13-268	date:	2013-11-24T00:00:00
db:	CNVD	id:	CNVD-2013-14745	date:	2013-11-27T00:00:00
db:	BID	id:	63903	date:	2013-11-24T00:00:00
db:	CNNVD	id:	CNNVD-201311-434	date:	2013-12-23T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	5a033b1a-1efb-11e6-abef-000c29c66e3d	date:	2013-11-27T00:00:00
db:	ZDI	id:	ZDI-13-268	date:	2013-11-24T00:00:00
db:	CNVD	id:	CNVD-2013-14745	date:	2013-11-27T00:00:00
db:	BID	id:	63903	date:	2013-11-24T00:00:00
db:	CNNVD	id:	CNNVD-201311-434	date:	2013-11-24T00:00:00