Mitigation details are available for a buffer overflow vulnerability that impacts the Ecava IntegraXor application, according to a report from ICS-CERT.
Independent researcher Andrew Brooks, who found the vulnerability, tested the patch to validate that it resolves the issue. Exploitation of this remotely exploitable vulnerability would allow an attacker to execute arbitrary code or cause a denial of service (DoS).
The IntegraXor SCADA Server 4.00 build 4250.0 and earlier suffers from the issue.
Successfully exploiting this bug could lead to a DoS for the application or could allow an attacker to execute arbitrary code. This could impact multiple sectors, including critical manufacturing.
Ecava Sdn Bhd is a Malaysia-based software development company that provides the IntegraXor SCADA product. Ecava specializes in factory and process automation solutions. IntegraXor is a suite of tools used to create and run a Web-based human-machine interface for a SCADA system.
IntegraXor sees use in several areas of process control in 38 countries, with the largest installations based in the United Kingdom, United States, Australia, Poland, Canada, and Estonia.
The vulnerability originates from buffer overflows in the PE3DO32A.ocx service component and can occur in multiple locations of the module. An attacker would need to create a specially crafted Web page or file with an ActiveX component for the client to open. This could allow an attacker to cause a crash or to execute arbitrary code.
CVE-2012-4700 is the number assigned to this vulnerability, which has a CVSS v2 base score of 9.3.
No known public exploits specifically target this vulnerability, which would require a bit of social engineering to convince a user to go to a specially crafted Web page to exploit the vulnerability remotely. An attacker with a moderate skill level would be able to exploit the buffer overflow.
Ecava recommended users download and install the update, IntegraXor SCADA Server 4.00.4280, from their download Web site. The company recommends users disable ActiveX.