Citect SCADA ODBC Service Overflow

2009-03-10T00:00:00
ID SAINT:4F3938ECAB74119775E880AB915E4121
Type saint
Reporter SAINT Corporation
Modified 2009-03-10T00:00:00

Description

Added: 03/10/2009
CVE: CVE-2008-2639
BID: 29634
OSVDB: 46105

Background

The CitectSCADA and CitectFacilities applications include ODBC server capabilities to provide remote SQL access to a relational database. The ODBC Server component listens on port 20222/tcp by default.

Problem

A buffer overflow in the ODBC Server's handling of malformed packets allows remote attackers to execute arbitrary commands.

Resolution

Follow the security recommendations under "Industries and Solutions", which provide some information for customers:
http://www.citect.com/index.php?option=com_content&task=view&id=186&Itemid=322

References

<http://archives.neohapsis.com/archives/fulldisclosure/2008-06/0146.html>
<http://www.citect.com/documents/news_and_media/CitectSCADA-security-response.pdf>

Limitations

Exploit works against:
ClientScada V6.10, ClientScada V7.0r1 and ClientFacilities V7.0

Target application does not install on Windows 2003 SP1.

Platforms

Windows Server 2003 SP2 / Windows Server 2003
Windows Server 2003 SP1
Windows Server 2003 SP0,SP1,SP2 DEP-Disabled
Windows 2000 / Windows XP
Version 6 - Windows 2003 SP2 DEP-Enabled
Version 6 - Windows 2003 SP1 DEP-Enabled
Version 6 - Windows 2003 SP0,SP1,SP2 DEP-Disabled
Version 6 - Windows 2000, Windows XP