Digital Canal Structural created new software to mitigate a stack-based buffer overflow vulnerability in its Wind Analysis structural engineering software platform, according to an ICS-CERT report.
Wind Analysis versions 9.1 and prior suffer from the remotely exploitable vulnerability, discovered by Peter Cheng.
Successful exploitation of this vulnerability could cause the device the attacker is accessing to become unavailable, resulting in a denial of service.
There are no known public exploits that specifically target this vulnerability. However, an attacker with a low skill level would be able to leverage the vulnerability.
The product is used mainly in the commercial facilities sector and is deployed in the United States.
By remotely exploiting an executable to perform a denial-of-service attack, an attacker may also be able to run arbitrary code.
CVE-2017-7898 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
Dubuque, Iowa-based Digital Canal Structural recommends that users upgrade to the latest version of the software.