OSVDB ID: 85822

Title: DeltaV Malformed String Parsing Remote Overflow DoS

Dates

Disclosure: Sep 28, 2012
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

DeltaV is prone to an overflow condition. The program fails to properly check bounds when parsing a malformed string, which results in a buffer overflow. With a specially crafted large string, a remote attacker can potentially cause a denial of service.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Availability
Solution: Patch / RCS
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: SCADA

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Emerson has released a patch to address this vulnerability.

Products

Emerson Electric Co.

DeltaV

9.3.1
10.3.1
11.3
11.3.1

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/85822