10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.006 Low
EPSS
Percentile
78.0%
ICS-CERT originally released Advisory ICSA-11-279-01P on the US-CERT secure Portal on October 06, 2011. This web page release was delayed to allow users time to download and install the update.
Security research and service institute Information and Communication Security Technology Center (ICST) has identified a buffer overflow vulnerability that affects multiple Advantech OPC (OLE for Process Control) Server products. This vulnerability may allow remote code execution and elevated user privileges.
Advantech has produced a new software version that mitigates this vulnerability. ICST has tested the new version and confirmed that it fully resolves this vulnerability.
The following versions of OPC Server are affected:
Impact to individual organizations depends on many operational factors that are unique to each organization. The buffer overflow in the Advantech ADAM OPC Server ActiveX control could allow remote attackers to execute arbitrary code and gain/elevate privileges to the currently logged in user. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their environment, architecture, and product implementation.
Advantech is a Taiwanese-based company that manufactures and sells industrial personal computers (PCs), embedded computers, automation controllers, and software to customers in the energy, telecommunications, and transportation industries.
According to Advantech, OPC Server is an interface for industrial device servers. The Advantech ADAM OPC server allows Input/Output (I/O) devices to communicate with a wide range of human-machine interface (HMI)/supervisory control and data acquisition (SCADA) software packages. Any software system with OPC client capabilities can access the Advantech OPC server drivers. The Advantech ADAM OPC Server is installed primarily in East Asia with a few installations in North America.
The buffer overflow in the Advantech ADAM OPC Server ActiveX control might allow remote attackers to execute arbitrary code and gain privileges as the currently logged in user.
CVE-2011-1914 has been assigned to this vulnerability.
This vulnerability is remotely exploitable.
No known exploits specifically target this vulnerability.
An attacker with a low skill level can create a denial of service; however, a more skilled attacker could execute arbitrary code.
Advantech has created a patchb to mitigate this vulnerability. ICST has tested the patch to verify that the vulnerability has been corrected. The patches for the three products can be downloaded at the following location: <http://support.advantech.com.tw/support/DownloadSRDetail.aspx?SR_ID=1-2NMHLB>.
In addition to applying the patch developed by Advantech, ICS-CERT encourages asset owners to take additional defensive measures to reduce the cybersecurity risk introduced by this vulnerability.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents. ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking defensive measures.
The Control Systems Security Program (CSSP) also provides a recommended practices section for control systems on the CSSP web page. Several recommended practices are available for reading or downloading, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
support.advantech.com.tw/support/DownloadSRDetail.aspx?SR_ID=1-2NMHLB
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1914
public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138
twitter.com/CISAgov
twitter.com/intent/tweet?text=Advantech%20OPC%20Server%20Buffer%20Overflow+https://www.cisa.gov/news-events/ics-advisories/icsa-11-279-01
www.dhs.gov
www.dhs.gov/foia
www.dhs.gov/performance-financial-reports
www.facebook.com/CISA
www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/ics-advisories/icsa-11-279-01&title=Advantech%20OPC%20Server%20Buffer%20Overflow
www.instagram.com/cisagov
www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency
www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/ics-advisories/icsa-11-279-01
www.oig.dhs.gov/
www.surveymonkey.com/r/CISA-cyber-survey?product=https://www.cisa.gov/news-events/ics-advisories/icsa-11-279-01
www.usa.gov/
www.whitehouse.gov/
www.youtube.com/@cisagov
mailto:?subject=Advantech%20OPC%20Server%20Buffer%20Overflow&body=www.cisa.gov/news-events/ics-advisories/icsa-11-279-01