CVSS2: 7.6 High
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
EPSS: 0.822 High
Percentile: 98.4%
Added: 03/10/2009
CVE: CVE-2008-2639
BID: 29634
OSVDB: 46105
The CitectSCADA and CitectFacilities applications include ODBC server capabilities to provide remote SQL access to a relational database. The ODBC Server component listens on port 20222/tcp by default.
A buffer overflow vulnerability caused by the handling of incorrect packets allows remote attackers to execute arbitrary commands.
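A host-side check for the exposure described above, as an added example that is not part of the original advisory: it parses Windows `netstat -ano` output and reports whether the ODBC Server port 20222/tcp is bound beyond loopback and which connected peers fall outside an allow-list. The sample output, the 10.20.0.0/24 allow-listed subnet and the function name `audit_odbc_exposure` are constructed for illustration.

```python
import ipaddress
import re

ODBC_PORT = 20222  # default ODBC Server port named in the advisory

# Constructed sample of `netstat -ano -p tcp` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:20222          0.0.0.0:0              LISTENING       2316
  TCP    10.20.0.15:20222       10.20.0.40:49811       ESTABLISHED     2316
  TCP    10.20.0.15:20222       192.0.2.77:51544       ESTABLISHED     2316
  TCP    127.0.0.1:5152         0.0.0.0:0              LISTENING       1500
"""

# Proto, local addr:port, foreign addr:port, state, PID
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")


def audit_odbc_exposure(netstat_text, allowed_nets, port=ODBC_PORT):
    """Return (kind, detail, pid) findings for the ODBC Server port."""
    allowed = [ipaddress.ip_network(n) for n in allowed_nets]
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header and UDP rows do not match the TCP row pattern
        laddr, lport, raddr, _rport, state, pid = m.groups()
        if int(lport) != port:
            continue
        if state == "LISTENING":
            ip = ipaddress.ip_address(laddr.strip("[]"))  # IPv6 rows use [addr]
            if not ip.is_loopback:
                scope = "all interfaces" if ip.is_unspecified else str(ip)
                findings.append(("exposed-listener", scope, int(pid)))
        elif state == "ESTABLISHED":
            peer = ipaddress.ip_address(raddr.strip("[]"))
            # Flag peers outside the subnets expected to use the ODBC service.
            if not any(peer in net for net in allowed):
                findings.append(("unexpected-peer", str(peer), int(pid)))
    return findings


if __name__ == "__main__":
    for finding in audit_odbc_exposure(SAMPLE_NETSTAT, ["10.20.0.0/24"]):
        print(finding)
```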
Follow the security recommendations under “Industries and Solutions”, which provide some information for customers:
http://www.citect.com/index.php?option=com_content&task=view&id=186&Itemid=322
<http://archives.neohapsis.com/archives/fulldisclosure/2008-06/0146.html>
<http://www.citect.com/documents/news_and_media/CitectSCADA-security-response.pdf>
Exploit works against:
ClientScada V6.10, ClientScada V7.0r1 and ClientFacilities V7.0
Target application does not install on Windows 2003 SP1.
Windows Server 2003 SP2 / Windows Server 2003
Windows Server 2003 SP1
Windows Server 2003 SP0,SP1,SP2 DEP-Disabled
Windows 2000 / Windows XP
Version 6 - Windows 2003 SP2 DEP-Enabled
Version 6 - Windows 2003 SP1 DEP-Enabled
Version 6 - Windows 2003 SP0,SP1,SP2 DEP-Disabled
Version 6 - Windows 2000, Windows XP