There is a cross-site scripting (XSS) and write access violation vulnerabilities in Ocean Data Systems Dream Report application.
ICS-CERT coordinated these vulnerabilities with Ocean Data Systems, which has produced a new version that resolves the vulnerabilities. Researchers Billy Rios and Terry McCorkle, who found the holes, have tested the new version to confirm it resolves the vulnerability.
Dream Reports versions prior to Version 4.0 all suffer from the vulnerability, Ocean Data Systems official said.
Successful attacks could result in data leakage, denial of service, or remote code execution.
Ocean Data Systems is a France-based company that focuses on reporting software for control systems. Dream Report deploys across several sectors including manufacturing, building automation, oil and gas, water and wastewater, healthcare, and electric utilities. Ocean Data Systems said these products see use mainly in France, Switzerland, United Kingdom, Israel, United States, and Germany.
A XSS vulnerability exists in the Ocean Data Dream Report application due to the lack of server-side validation of query string parameter values. Exploitation of this vulnerability requires a user visit a specially crafted URL, which injects client-side scripts into the server’s HTTP response to the client. CVE-2011-4038 is the number assigned to this vulnerability.
The write access violation vulnerability requires a user open a specially crafted file. This may result in arbitrary code execution. CVE-2011-4039 is the number assigned to this vulnerability.
The XSS vulnerability is remotely exploitable and the write access violation is not remotely exploitable and an attacker cannot exploit it without user interaction. The exploit can occur when a local user runs the vulnerable application and loads a malformed file.
An attacker with a low skill level can create the XSS exploit. Crafting a working exploit for the access violation vulnerability would be difficult. Social engineering would need to convince the user to accept the malformed file. Additional user interaction must occur to load the malformed file.
Click here to download the latest version of Dream Reports.