{"vuid":"VU#711420","idnumber":"711420","name":"LiveData Server fails to properly handle Connection-Oriented Transport Protocol packets","keywords":["LiveData Server","RFC 1006 packets","scada","COTP","INFO#111001"],"overview":"The LiveData Server fails to handle malformed Connection-Oriented Transport Protocol (COTP) packets. This vulnerability may allow a remote attacker to crash the LiveData Server.","clean_desc":"The LiveData Server records and transmits data between two or more control systems. The Connection-Oriented Transport Protocol (COTP) is a transport layer protocol used in OSI networks. COTP is defined in ISO 8073. The LiveData implementation of COTP contains an unspecified vulnerability. By sending a specially crafted packet to a vulnerable LiveData Server, a remote attacker may be able to trigger this vulnerability.","impact":"A remote attacker can cause the LiveData Server to terminate abnormally, resulting in a denial-of-service condition.","resolution":"Upgrade\nThis vulnerability is remedied in releases  5.00.62 or later of the LiveData Server products. This update is available on the LiveData web site.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by Matt Franz of \nDigital Bond","author":"This document was written by Jeff Gennari.","public":["http://www.livedata.com","http://secunia.com/advisories/25113/"],"cveids":["CVE-2007-2490"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-05-18T14:49:42Z","publicdate":"2007-05-02T00:00:00Z","datefirstpublished":"2007-05-02T18:35:36Z","dateupdated":"2007-07-20T19:46:08Z","revision":23,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"5","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"5","cam_impact":"11","cam_easeofexploitation":"13","cam_attackeraccessrequired":"9","cam_scorecurrent":"1.2065625","cam_scorecurrentwidelyknown":"3.01640625","cam_scorecurrentwidelyknownexploited":"5.42953125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.2065625,"vulnote":null}