CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.3%
The IntelliCom NetBiter Config HICP configuration utility has a buffer overflow vulnerability that can be triggered by a specially crafted hostname (hn
) value. An attacker with network access could exploit this vulnerability to execute arbitrary code with the privileges of the user running NetBiter Config.
IntelliCom NetBiter devices are based on HMS Anybus technology. The HMS HICP protocol (3250/udp) provides a way to configure network settings for NetBiter and possibly other Anybus-based devices. The NetBiter Config HICP configuration utility (NetbiterConfig.exe) has a buffer overflow vulnerability that can be triggered by a specially crafted hostname (hn
) value. Further details are available in the original post by Rubén Santamarta.
An attacker with network access could exploit this vulnerability to execute arbitrary code with the privileges of the user running NetBiter Config.
Upgrade
This vulnerability is addressed in NetBiter Config version 1.3.1. Please see IntelliCom Security Bulletin ISFR-4404-0007.
Restrict access
Restrict access to SCADA, DCS, and other control system networks.
181737
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: March 19, 2010
Affected
We have not received a statement from the vendor.
Please see IntelliCom Security Bulletin ISFR-4404-0007.
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This information was published by Rubén Santamarta.
This document was written by Art Manion.
CVE IDs: | CVE-2009-4462 |
---|---|
Severity Metric: | 0.48 Date Public: |