nSense Vulnerability Research Security Advisory - The coreservice.exe process in Procyon core server versions 1.06 and below contains a remotely exploitable memory corruption flaw which allows for remote code execution. The affected component is coreservice.exe, which listens on port 23, running as SYSTEM. Sending a long string will trigger the overflow.
922acef938ae8deb176229f5e0792d09103f2de6f8e5b7312b17de91b92ff373 nSense Vulnerability Research Security Advisory NSENSE-2011-005
---------------------------------------------------------------
Affected Vendor: Scadatec
Affected Product: Procyon core server <=1.06
Platform: Windows
Impact: Remote code execution
Vendor response: New version released
CVE: None
Credit: Knud / nSense
Technical details
---------------------------------------------------------------
The coreservice.exe process contains a remotely exploitable
memory corruption flaw which allows for remode code execution.
The affected component is coreservice.exe, which listens on port
23, running as SYSTEM. Sending a long string will trigger the
overflow.
Timeline:
20110412 Contacted ICS-CERT
20110527 Vendor communicates with ICS-CERT, working on fix
20110720 Independtly rediscovered by Steven Seeley/Stratsec
20110708 ICS-CERT provides link to fixed version
20110708 nSense validates fix is working as intended
20110804 ICS-CERT releases advisory to US-CERT portal
20110907 ICS-CERT releases public advisory
Solution
Contact the vendor for an updated version:
http://www.scadatec.co.uk/
Links:
http://www.nsense.fi http://www.nsense.dk
$$s$$$$s. ,s$$$$s ,S$$$$$s. $$s$$$$s. ,s$$$$s ,S$$$$$s.
$$$ `$$$ ($$( $$$ `$$$ $$$ `$$$ ($$( $$$ `$$$
$$$ $$$ `^$$s. $$$$$$$$$ $$$ $$$ `^$$s. $$$$$$$$$
$$$ $$$ )$$) $$$ $$$ $$$ )$$) $$$
$$$ $$$ ^$$$$$$7 `7$$$$$P $$$ $$$ ^$$$$$$7 `7$$$$$P
D r i v e n b y t h e c h a l l e n g e _
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed