{"vuid":"VU#181737","idnumber":"181737","name":"IntelliCom NetBiter Config HICP hostname buffer overflow","keywords":["scada","anybus","hms","netbiter","hicp","3250/udp"],"overview":"The IntelliCom NetBiter Config HICP configuration utility has a buffer overflow vulnerability that can be triggered by a specially crafted hostname (hn) value. An attacker with network access could exploit this vulnerability to execute arbitrary code with the privileges of the user running NetBiter Config.","clean_desc":"IntelliCom NetBiter devices are based on HMS Anybus technology. The HMS HICP protocol (3250/udp) provides a way to configure network settings for NetBiter and possibly other Anybus-based devices. The NetBiter Config HICP configuration utility (NetbiterConfig.exe) has a buffer overflow vulnerability that can be triggered by a specially crafted hostname (hn) value. Further details are available in the original post by Rubén Santamarta.","impact":"An attacker with network access could exploit this vulnerability to execute arbitrary code with the privileges of the user running NetBiter Config.","resolution":"Upgrade This vulnerability is addressed in NetBiter Config version 1.3.1. Please see IntelliCom Security Bulletin ISFR-4404-0007.","workarounds":"Restrict access Restrict access to SCADA, DCS, and other control system networks.","sysaffected":"","thanks":"This information was published by Rubén Santamarta.","author":"This document was written by Art Manion.","public":["http://blog.48bits.com/?p=781","http://reversemode.com/index.php?option=com_content&task=view&id=65&Itemid=1","http://www.hms.se/products/prodindex.shtml","http://www.anybus.com/products/abxsstech.shtml","http://support.intellicom.se/news.cfm?NWID=33","http://support.intellicom.se/getfile.cfm?FID=150","http://www.securityfocus.com/bid/37328"],"cveids":["CVE-2009-4462"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2009-12-15T21:15:51Z","publicdate":"2009-12-12T00:00:00Z","datefirstpublished":"2010-03-24T20:57:06Z","dateupdated":"2010-03-26T17:54:53Z","revision":19,"vrda_d1_directreport":"0","vrda_d1_population":"1","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"2","cam_population":"1","cam_impact":"15","cam_easeofexploitation":"10","cam_attackeraccessrequired":"10","cam_scorecurrent":"0.478125","cam_scorecurrentwidelyknown":"0.61875","cam_scorecurrentwidelyknownexploited":"1.18125","ipprotocol":"udp","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.478125,"vulnote":null}