Gesytec Easylon OPC Server before 2.3.44 does not properly validate server handles, which allows remote attackers to execute arbitrary code or cause a denial of service via unspecified network traffic to the OLE for Process Control (OPC) interface, probably related to free operations on arbitrary memory addresses through certain Remove functions, and read and write operations on arbitrary memory addresses through certain Set, Read, and Write functions.
References
Configurations
History
21 Nov 2024, 00:35
Type | Values Removed | Values Added |
---|---|---|
References | () http://osvdb.org/42650 - | |
References | () http://secunia.com/advisories/28079 - | |
References | () http://www.kb.cert.org/vuls/id/205073 - Patch, US Government Resource | |
References | () http://www.neutralbit.com/downloads/NB-NB-001-EXT-OPC%20Security%20Testing.pdf - | |
References | () http://www.neutralbit.com/en/rd/opctest/ - | |
References | () http://www.securityfocus.com/bid/26876 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/39062 - |
Information
Published : 2007-12-17 21:46
Updated : 2024-11-21 00:35
NVD link : CVE-2007-4473
Mitre link : CVE-2007-4473
CVE.ORG link : CVE-2007-4473
JSON object : View
Products Affected
gesytec_easylon
- opc_server
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer