CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AI Score: 7.2 High (Confidence: High)
EPSS: 0.02 Low (Percentile: 88.8%)
This Advisory is a follow-up to “ICS-ALERT-11-285-01—Open Automation Software OPC Systems.NET Vulnerability” that was posted on the ICS-CERT website on October 12, 2011.
Independent researcher Luigi Auriemma publicly reported a malformed packet vulnerability in Open Automation Software’s OPC Systems.NET along with proof-of-concept (PoC) exploit code. This public report was released without coordination with Open Automation Software, ICS-CERT, or any other coordinating entity known to ICS-CERT.
ICS-CERT has coordinated this vulnerability with Open Automation Software, and they have produced an update that resolves this vulnerability. Luigi Auriemma has tested the update and has confirmed that it resolves the vulnerability.
On January 20, 2012, Digital Security Research Group publicly reported a buffer overflow vulnerability in a third-party ActiveX control in OPC Systems.NET. This public report was released without coordination with Open Automation Software, ICS-CERT, or any other coordinating entity known to ICS-CERT.
All versions of OPC Systems.NET prior to Version 5.0 are affected.
A malformed packet could be sent remotely to cause a denial of service.
Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their environment, architecture, and product implementation.
Open Automation Software is a US-based company that provides .NET products for supervisory control and data acquisition (SCADA) and human-machine interfaces (HMI) applications.
According to Open Automation Software, OPC Systems.NET is an HMI application that is deployed across several sectors including manufacturing, information technology, energy, water and wastewater, defense, and others. Open Automation Software estimates that these products are used throughout the world with primary use in the United States.
The vulnerability is exploitable by sending a malformed .NET Remote Procedure Call (RPC) packet to cause a denial of service through Port 58723/TCP.
CVE-2011-4871 has been assigned to this vulnerability. (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4871. NIST uses this advisory to create the CVE website report. This website will be active sometime after publication of this advisory.)
Third-party ActiveX component FlexGrid 7.1 is vulnerable to a buffer overflow attack.
CVE-2012-0227 has been assigned to this vulnerability.
This vulnerability is remotely exploitable.
Public exploits are known to target this vulnerability.
Crafting a working exploit for this vulnerability requires moderate skill.
Open Automation Software has released OPC Systems.NET Version 5.0, which resolves the reported vulnerability by removing the vulnerable component. (Open Automation Software Releases OPC Systems.NET Version 5.0 with Enhanced Network Security, http://www.opcsystems.com/news/wcf.htm, website last accessed January 11, 2012.) Customers with vulnerable versions of Open Automation Software OPC Systems.NET should deploy the update, which is available at:
http://www.opcsystems.com/downloads.htm
ICS-CERT encourages asset owners to take additional defensive measures to protect against this and other cybersecurity risks.
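One check an asset owner can run while scheduling the update, shown as an added example that is not part of the advisory: parse Windows `netstat -ano -p tcp` output and flag any listener on 58723/TCP bound beyond loopback, plus established peers outside the expected control network. The sample output and the `10.20.0.0/24` allowlist are constructed assumptions.

```python
import ipaddress

OPC_PORT = 58723  # TCP port named in the advisory
# Constructed sample of Windows `netstat -ano -p tcp` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:58723          0.0.0.0:0              LISTENING       4312
  TCP    10.20.0.15:58723       10.20.0.40:50211       ESTABLISHED     4312
  TCP    10.20.0.15:58723       192.0.2.77:61544       ESTABLISHED     4312
  TCP    10.20.0.15:49822       10.20.0.9:445          ESTABLISHED     4
"""
# Assumption: the control network that may legitimately reach the service.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

def split_endpoint(endpoint):
    """Split 'addr:port' (or '[v6]:port') into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def audit(netstat_text, port=OPC_PORT, allowed=ALLOWED_NETS):
    """Return (kind, detail) findings for listeners and peers on the TCP port."""
    findings = []
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0].upper() != "TCP":
            continue  # header, blank line, or non-TCP row
        try:
            laddr, lport = split_endpoint(cols[1])
            raddr, _ = split_endpoint(cols[2])
        except ValueError:
            continue  # unparseable endpoint
        if lport != port:
            continue
        state = cols[3].upper()
        if state == "LISTENING" and not laddr.is_loopback:
            scope = "all interfaces" if laddr.is_unspecified else str(laddr)
            findings.append(("exposed-listener", scope))
        elif state == "ESTABLISHED" and not any(raddr in n for n in allowed):
            findings.append(("unexpected-peer", str(raddr)))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_NETSTAT):
        print(f"{kind}: {detail}")
```
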
The Control Systems Security Program (CSSP) also provides a section for control system security recommended practices on the CSSP web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking defensive measures.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.
In addition, ICS-CERT recommends that users take the following measures to protect themselves from social engineering attacks: