{"vuid":"VU#337569","idnumber":"337569","name":"AREVA e-terrahabitat SCADA systems vulnerabilities","keywords":["scada"],"overview":"AREVA e-terrahabitat contains multiple vulnerabilities.","clean_desc":"AREVA e-terrahabitat  is a core component of the Energy Management system that provides real-time data and process management services. e-terrahabitat  contains vulnerabilities, including a buffer overflow. For more information on these issues AREVA customers should review the following issues in AREVA T&D Security Bulletin - ATD-08-002: PD28578 Buffer Overflow Vulnerability in e-terrahabitat MLF application\nPD32018 Denial of Service Vulnerability in e-terrahabitat WebFGServer application\nPD32020 Denial of Service Vulnerability in e-terrahabitat WebFGServer application\nPD32021 Denial of Service Vulnerability in e-terrahabitat NETIO application\nPD32022 Privilege Escalation in e-terrahabitat WebFGServer application\nNote that these issues affect versions 5.7 and earlier.","impact":"An unauthenticated attacker may be able to gain access with the privileges of the e-terrahabitat  account or an administrator account and execute arbitrary commands, or cause a vulnerable system to crash.","resolution":"Apply  Patch\nUsers of e-terrahabitat  version 5.5, 5.6, and 5.7 should apply the e-terrahabitat_560_P20081030_SEC patch immediately. Upgrade Users of affected software with versions 5.4 and earlier are encouraged to upgrade to 5.6 or above.","workarounds":"Intrusion Detection According to AREVA T&D Security Bulletin - ATD-08-002: Strong network perimeter access controls can reduce the potential avenues of attack. In cooperation with AREVA, the US Department of Homeland (DHS) Security Control Systems Security Program (CSSP) developed Snort based network intrusion detection signatures that are available for AREVA customer use only to detect attempts to exploit vulnerabilities within the WebFGServer. Due to unique system configuration dependencies, the signatures must be tuned to your specific environment. Please contact AREVA to obtain these signatures. DHS and AREVA cannot provide support for the signatures at this time. Restrict Access Limit network access to hosts that require connections to the portal. Do not allow access to the portal from untrusted networks such as the internet.","sysaffected":"","thanks":"This vulnerability was reported in \nAREVA T&D Security Bulletin - ATD-08-002\n. AREVA credits Eyal Udassin and Jonathan Afek of C4, Idaho National Labs, and Department of Homeland Security Control Systems Security Program (DHS CSSP) with discovering and verifying these issues.","author":"This document was written by Chris Taschner.","public":["http://www.areva.com","http://www.scada-security.com/vulnerabilities/areva1.html"],"cveids":["CVE-2009-0210","CVE-2009-0211","CVE-2009-0212","CVE-2009-0213","CVE-2009-0214"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2008-09-12T20:01:03Z","publicdate":"2009-02-05T00:00:00Z","datefirstpublished":"2009-02-05T14:33:55Z","dateupdated":"2009-02-17T22:29:29Z","revision":26,"vrda_d1_directreport":"1","vrda_d1_population":"1","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"20","cam_population":"2","cam_impact":"20","cam_easeofexploitation":"9","cam_attackeraccessrequired":"7","cam_scorecurrent":"0.945","cam_scorecurrentwidelyknown":"1.89","cam_scorecurrentwidelyknownexploited":"2.835","ipprotocol":"","cvss_accessvector":"--","cvss_accesscomplexity":"--","cvss_authentication":null,"cvss_confidentialityimpact":"--","cvss_integrityimpact":"--","cvss_availabilityimpact":"--","cvss_exploitablity":null,"cvss_remediationlevel":"ND","cvss_reportconfidence":"ND","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"0","cvss_basevector":"AV:--/AC:--/Au:--/C:--/I:--/A:--","cvss_temporalscore":"0","cvss_environmentalscore":"0","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":0.945,"vulnote":null}