{"cve": [{"lastseen": "2021-02-02T05:31:21", "description": "NETxAutomation NETxEIB OPC Server before 3.0.1300 does not properly validate OLE for Process Control (OPC) server handles, which allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors involving the (1) IOPCSyncIO::Read, (2) IOPCSyncIO::Write, (3) IOPCServer::AddGroup, (4) IOPCServer::RemoveGroup, (5) IOPCCommon::SetClientName, and (6) IOPCGroupStateMgt::CloneGroup functions, which allow access to arbitrary memory. NOTE: the vectors might be limited to attackers with physical access.", "edition": 4, "cvss3": {}, "published": "2007-03-21T19:19:00", "title": "CVE-2007-1313", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1313"], "modified": "2018-10-16T16:37:00", "cpe": ["cpe:/a:netxautomation:netxeib:3.0"], "id": "CVE-2007-1313", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1313", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:netxautomation:netxeib:3.0:*:*:*:*:*:*:*"]}], "cert": [{"lastseen": "2020-09-18T20:42:44", "bulletinFamily": "info", "cvelist": ["CVE-2007-1313"], "description": "### Overview \n\nThe NETxAutomation NETxEIB OPC Server contains a vulnerability that may allow a remote attacker to execute arbitary code or cause a denial-of-service.\n\n### Description \n\nOLE for Process Control (OPC) is a specification for a standard set of OLE COM objects for use in the process control and manufacturing fields. OPC servers are often used in control systems to consolidate field and network device information.\n\nThe NETxAutomation NETxEIB OPC Server fails to properly validate server handles. This vulnerability may be triggered by an attacker with access to the server's OPC interface. \n \n--- \n \n### Impact \n\nAn attacker with access to the NETxEIB OPC Server may be able to arbitrarily access server process memory, potentially allowing that attacker to execute arbitrary code or cause a denial-of-service. \n \n--- \n \n### Solution \n\n**Apply a Patch or Upgrade** \nNETxAutomation has released version 3.0.1300 of the NETxEIB OPC Server to address this vulnerability. \n \nNETxAutomation has also released a patch for NETxEIB OPC Server version 3.0 to address this vulnerability. \n \nContact [NETxAutomation](<http://www.netxautomation.com/>) for more information. \n \n--- \n \n**Restrict Access to the server** \n \nUntil a fixed version of the server can be deployed, we recommend restricting remote access to the server to only trusted hosts by using firewalls or only connecting them to private networks. \n \n--- \n \n### Vendor Information\n\n296593\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### NETxAutomation __ Affected\n\nNotified: January 13, 2007 Updated: March 20, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nNETxAutomation is dedicated to continuous improvement of product quality and reliability.\n\nBackground \n \nNormally EIB IP Networks are private networks with restricted access and are not connected to any other network. In this case only a physical intruder is able to exploit this vulnerability. \n \nNonetheless we corrected this in our new version 3.0.1300 immediately. \n \nSolution \n \nWe released a patch for version 3.0. Customers can contact us by email at support@netxautomation.com to receive the patch.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://www.neutralbit.com/en/rd/opctest/>\n * <http://neutralbit.com/advisories/NB07-22.txt>\n * <http://netxautomation.com>\n * <http://secunia.com/advisories/24612/>\n\n### Acknowledgements\n\nThis vulnerability was reported by NeutralBit. \n\nThis document was written by Jeff Gennari.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2007-1313](<http://web.nvd.nist.gov/vuln/detail/CVE-2007-1313>) \n---|--- \n**Severity Metric:** | 4.50 \n**Date Public:** | 2007-01-12 \n**Date First Published:** | 2007-03-20 \n**Date Last Updated: ** | 2007-03-26 18:17 UTC \n**Document Revision: ** | 24 \n", "modified": "2007-03-26T18:17:00", "published": "2007-03-20T00:00:00", "id": "VU:296593", "href": "https://www.kb.cert.org/vuls/id/296593", "type": "cert", "title": "NETxAutomation NETxEIB OPC Server fails to properly validate OPC server handles", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:21", "bulletinFamily": "software", "cvelist": ["CVE-2007-1313"], "description": "\r\nMultiple vulnerabilities in NETxEIB OPC server\r\n==============================================\r\n\r\nOPC servers provide a standard way to interoperate automation and control\r\nsystems, bridging data from several industrial protocols such as DNP3,\r\nMODBUS, etc. to a more standard data access interface. They are often used\r\nin SCADA systems to consolidate network device information in a single\r\npoint; as such OPC servers are usually considered critical applications.\r\n\r\nNETxAUTOMATION commercialises an OPC Server\r\n("NETxEIB.MP.OPEN.OPC.Server.3.0"), more information is available at\r\nhttp://www.netxautomation.com/.\r\n\r\nANALYSIS\r\n--------\r\n\r\nThe product presents various security vulnerabilities, allowing an attacker\r\nwith access to the OPC interface to arbitrarily read and write the process\r\nmemory, potentially leading to the execution of attacker-provided code.\r\n\r\nThe vulnerabilities reside in the server implementation of the following OPC\r\nData Access interface methods:\r\n\r\n * IOPCSyncIO::Read\r\n * IOPCSyncIO::Write\r\n * IOPCServer::AddGroup\r\n * IOPCServer::RemoveGroup\r\n * IOPCCommon::SetClientName\r\n * IOPCGroupStateMgt::CloneGroup\r\n\r\n\r\nBy providing specially crafted OPC handles the attacker can force the server\r\nto access arbitrary memory, both in read and write operations which can be\r\npotentially leveraged to execute arbitrary code in the OPC server.\r\n\r\nVULNERABLE VERSIONS\r\n-------------------\r\n\r\nThe vulnerability has been verified to be present in the following version\r\nof the server:\r\n\r\n Server name: NETxEIB MP Open OPC Server 3.0\r\n OPC Server CLSID: {AAEEF077-F162-4A1F-AD88-C37F35EA4030}\r\n ProgID: NETxEIB.MP.OPEN.OPC.Server.3.0\r\n Version: 3.0.125\r\n OS: Windows XP\r\n\r\nThe vulnerability was discovered during an OPC server group assessment for a\r\ncustomer and is not known to be publicly exploited.\r\n\r\nWORKAROUND\r\n----------\r\n\r\nThe vendor has fixed the vulnerability and published an updated version.\r\n\r\nADDITIONAL INFORMATION\r\n----------------------\r\n\r\nThis vulnerability was found and researched by:\r\n\r\n Lluis Mora <llmora@neutralbit.com>\r\n Xavier Panadero <xpanadero@neutralbit.com>\r\n\r\nYou can find the latest version of this advisory at:\r\n\r\nhttp://www.neutralbit.com/\r\n\r\nDisclosure timeline:\r\n\r\n 12/Jan/2006: Vendor notified\r\n 12/Jan/2006: US-CERT notified\r\n 20/Mar/2006: Vendor published public advisory\r\n 21/Mar/2006: Neutralbit advisory published\r\n\r\nReferences:\r\n\r\n CERT: US-CERT Vulnerability Note VU#296593\r\n CVE: CVE-2007-1313\r\n\r\n", "edition": 1, "modified": "2007-03-24T00:00:00", "published": "2007-03-24T00:00:00", "id": "SECURITYVULNS:DOC:16444", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:16444", "title": "[NB07-22] Multiple vulnerabilities in NETxEIB OPC server", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:24", "bulletinFamily": "software", "cvelist": ["CVE-2007-1313", "CVE-2007-1319"], "description": "Multiple memory corruptions.", "edition": 1, "modified": "2007-03-24T00:00:00", "published": "2007-03-24T00:00:00", "id": "SECURITYVULNS:VULN:7459", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7459", "title": "Multiple OPC Servers multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
