E-TerraHabitat Privilege Escalation / DoS

`Background  
-----------------  
Vendor product information, from www.areva-td.com :  
AREVA T&D solution for real-time energy management systems; this suite of  
software products can be configured to meet your specific needs and  
business function. Transmission companies, Generation owners, Independent  
System Operators and vertically integrated utilities can all benefit from  
the  
new features and functionality of e-terraplatform. All configurations of  
eterraplatform  
share a robust, portable and flexible foundation: highly available  
real-time database, a high performance user interface, a comprehensive  
modeling environment and a historical information system.  
  
Description  
----------------  
Due to the sensitivity of SCADA security vulnerabilities, we can only  
publicly disclose that multiple elements of the e-terraplatform suffer from  
multiple vulnerabilities ranging from Denial of Service to Privilege  
Escalation.  
Details of these vulnerabilities will be disclosed only to legitimate  
parties such as asset owners (utilities), after receiving the approval of  
the local CERT or any other local official entity.  
  
Impact  
----------  
An attacker can exploit these vulnerabilities in order to:  
1. Halt the system's operation (Denial of Service)  
2. Gain unauthorized access with high privileges to the system  
3. Leverage these vulnerabilities to attempt to find additional  
vulnerabilities in the server to carry out the "corporate network to control  
center" and "field to control center" attack vectors mentioned in C4's S4  
2008 paper "Control System Attack Vectors and Examples: Field Site and  
Corporate Network"  
<http://www.c4-security.com/SCADA%20Security%20-%20Attack%20Vectors.pdf> .   
  
Affected Versions  
-------------------------  
e-terrahabitat version 5.5.x  
e-terrahabitat version 5.6.x  
e-terrahabitat version 5.7.x  
  
Workaround/Fix  
-----------------------  
The vendor issued a security patch to address these vulnerabilities.  
  
Additional Information  
-------------------------------  
For additional information please contact us at info_at_c4-security.com.  
Note that we will respond only to verified utility personnel and  
governmental agencies.   
Details of this vulnerability will be disclosed only to legitimate parties  
such as asset owners (utilities), after receiving the approval of the local  
CERT or any other local official entity.  
  
The CVE identifiers assigned to these vulnerabilities by CERT are:   
CVE-2009-0211  
CVE-2009-0212  
CVE-2009-0213  
CVE-2009-0214  
  
Credit  
--------  
These vulnerabilities were discovered and exploited by Jonathan Afek and  
Eyal Udassin from C4 Security (http://www.c4-security.com).  
C4 Security is a leader in SCADA security reviews, auditing and penetration  
testing.   
  
  
Regards,  
  
Eyal Udassin - C4  
33 Jabotinsky St. The Twin Towers #1, Ramat Gan, Israel  
[email protected] / <http://www.c4-security.com/>   
+972-547-684989  
`