{"vuid":"VU#660688","idnumber":"660688","name":"SCADA Engine BACnet OPC Client buffer overflow vulnerability","keywords":["scada","BACnet OPC Client"],"overview":"SCADA Engine BACnet OPC Client contains a buffer overflow when parsing .csv files. This vulnerability may allow an attacker to execute arbitrary code.","clean_desc":"According to the SCADA Engine website: \"The SCADA Engine BACnet OPC Server is a server that provides data access (DA), Alarms and Events (AE), and Historical Data Access (HDA) between OPC clients and BACnet-compliant devices.\" SCADA Engine BACnet OPC Client contains a stack-based buffer overflow when parsing .csv files. The vulnerability is caused by a boundary error in the WTclient.dll library when preparing a status log message. For additional information see ICS-CERT Advisory ICSA-10-264-01.","impact":"An attacker could exploit the vulnerability by tricking a user into opening a crafted .csv file, leading to execution of arbitrary code. Failed exploitation of this vulnerability may also lead to denial-of-service conditions.","resolution":"Upgrade. SCADA Engine has released BACnet OPC Client version 1.0.25.","workarounds":"Do not access .csv files from untrusted sources. Attackers may host malicious .csv files on web sites. In order to convince users to visit their sites, those attackers often use a variety of techniques to create misleading links including URL encoding, URL redirectors on legitimate sites, IP address variations, long URLs, and intentional misspellings. Do not click on unsolicited links received in email, instant messages, web forums, or instant messaging or chat channels. Type URLs directly into the browser to avoid these misleading links. 
While these are generally good security practices, following these behaviors will not prevent exploitation of this vulnerability in all cases, particularly if a trusted site has been compromised or allows cross-site scripting.","sysaffected":"","thanks":"Thanks to Jeremy Brown for reporting this vulnerability to ICS-CERT.","author":"This document was written by Michael Orlando.","public":["http://www.securityfocus.com/bid/43289","http://secunia.com/advisories/41466/","http://www.scadaengine.com/software1.html","http://www.scadaengine.com/downloads.html","http://www.us-cert.gov/control_systems/pdf/ICSA-10-264-01.pdf"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2010-12-01T14:29:55Z","publicdate":"2010-09-21T00:00:00Z","datefirstpublished":"2011-02-03T18:10:08Z","dateupdated":"2011-02-03T18:10:08Z","revision":18,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"18","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"3","cam_impact":"20","cam_easeofexploitation":"13","cam_attackeraccessrequired":"10","cam_scorecurrent":"3.2175","cam_scorecurrentwidelyknown":"3.51","cam_scorecurrentwidelyknownexploited":"6.435","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":3.2175,"vulnote":null}