Sunway ForceControl SNMP NetDBServer Data Chunk Copy Buffer Overflow

2012-02-22T00:00:00
ID SAINT:E3D0E18E9742BFE49422208B9902F58A
Type saint
Reporter SAINT Corporation
Modified 2012-02-22T00:00:00

Description

Added: 02/22/2012
BID: 49747
OSVDB: 75798

Background

Sunway ForceControl is a Chinese SCADA/HMI software application widely used in China to help run weapons systems, utilities and chemical plants. It is also used to a lesser extent in other countries, including the US. SNMP NetDBServer is one of the components of this application.

Problem

SNMP NetDBServer is vulnerable to a stack buffer overflow that occurs when it copies data chunks into a stack buffer. A malicious user can exploit this vulnerability by sending a specially crafted request to SNMP NetDBServer on port 2001/tcp.

Resolution

Contact the vendor and apply a patch when one becomes available.

References

<http://aluigi.altervista.org/adv/forcecontrol_1-adv.txt>
<http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-266-01.pdf>

Limitations

The exploit has been tested on Sunway ForceControl 6.1 sp3 with Extra on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

Platforms

Windows