20 matches found
ScadaTEC ScadaPhone and ModbusTagServer SCADA Remote Code Execution - Ver2 (CVE-2011-4535)
A stack buffer overflow vulnerability has been reported in ScadaTEC ScadaPhone and ModbusTagServer. The vulnerability is due to a boundary check error. A remote attacker can exploit this issue by enticing a victim to open a specially crafted ZIP archive file with the affected product. Successful...
ScadaTEC ScadaPhone <= 5.3.11.1230 - Stack Buffer Overflow
No description provided by source. $Id: scadaphonezip.rb 13728 2011-09-13 20:10:28Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...
ScadaTEC ModbusTagServer & ScadaPhone (.zip) Buffer Overflow Exploit (0day)
No description provided by source. <?php / ScadaTEC ModbusTagServer & ScadaPhone (.zip) buffer overflow exploit (0day) Date: 09/09/2011 Author: mrme @netninja Vendor: http://www.scadatec.com/ ScadaPhone Version: <= 5.3.11.1230 ModbusTagServer Version: <= 4.1.1.81 Tested on: Windows XP SP3...
ScadaTEC ScadaPhone and ModbusTagServer SCADA Remote Code Execution (CVE-2011-4535)
A stack buffer overflow vulnerability has been reported in ScadaTEC ScadaPhone and ModbusTagServer...
CVE-2011-4535
Buffer overflow in TurboPower Abbrevia before 4.0, as used in ScadaTEC ScadaPhone 5.3.11.1230 and earlier, ScadaTEC ModbusTagServer 4.1.1.81 and earlier, and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP...
Buffer overflow
Buffer overflow in TurboPower Abbrevia before 4.0, as used in ScadaTEC ScadaPhone 5.3.11.1230 and earlier, ScadaTEC ModbusTagServer 4.1.1.81 and earlier, and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP...
CVE-2011-4535
CVE-2011-4535 is a buffer overflow in TurboPower Abbrevia prior to 4.0, embedded in ScadaTEC ScadaPhone 5.3.11.1230 and ScadaTEC ModbusTagServer 4.1.1.81 and other products. The overflow occurs while handling ZIP files and can cause a denial of service or potentially allow arbitrary code executio...
ScadaTEC ScadaPhone & Modbus TagServer Buffer Overflow Vulnerability
OVERVIEW This advisory is a follow-up to the ICS-CERT alert titled ICS-ALERT-11-255-01—ScadaTEC ScadaPhone/ModbusTagServer Buffer Overflow, which was published September 12, 2011, on the ICS‑CERT Web page. On September 12, 2011, independent security researcher Steven Seeley publicly released a...
ScadaTEC ScadaPhone 5.3.11.1230 Buffer Overflow
$Id: scadaphonezip.rb 13728 2011-09-13 20:10:28Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
CVE-2011-3322
Core Server HMI Service Coreservice.exe in Scadatec Limited Procyon SCADA 1.06, and other versions before 1.14, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password to the Telnet (TCP/23) port, which triggers an out-of-bounds read or...
Stack overflow
Core Server HMI Service Coreservice.exe in Scadatec Limited Procyon SCADA 1.06, and other versions before 1.14, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password to the Telnet (TCP/23) port, which triggers an out-of-bounds read or...
CVE-2011-3322
CVE-2011-3322 affects Procyon Core Server HMI's Coreservice.exe in Scadatec Limited Procyon SCADA 1.06 and other versions before 1.14. The root cause is a boundary check error that, when processing a password sent to Telnet (TCP/23), can trigger an out-of-bounds read/write on the stack, leading t...
ScadaTEC ScadaPhone Stack Buffer Overflow
This module exploits a stack-based buffer overflow vulnerability in version 5.3.11.1230 of scadaTEC's ScadaPhone. In order for the command to be executed, an attacker must convince someone to load a specially crafted project zip file with ScadaPhone. By doing so, an attacker can execute arbitrary...
ScadaTEC ScadaPhone 5.3.11.1230 - Local Stack Buffer Overflow (Metasploit)
$Id: scadaphonezip.rb 13728 2011-09-13 20:10:28Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
ScadaTEC ModbusTagServer ScadaPhone - .zip Local Buffer Overflow
ScadaTEC ModbusTagServer ScadaPhone - .zip Local Buffer Overflow mrme@neptune scadatec$ php zip.php -t modbustagserver mrme@neptune scadatec$ nc -v 192.168.114.141 4444 Connection to 192.168.114.141 4444 port tcp/krb524 succeeded! Microsoft Windows XP Version 5.1.2600 C Copyright 1985-2001...
ScadaTEC ModbusTagServer & ScadaPhone - '.zip' Local Buffer Overflow
mrme@neptune scadatec$ php zip.php -t modbustagserver mrme@neptune scadatec$ nc -v 192.168.114.141 4444 Connection to 192.168.114.141 4444 port tcp/krb524 succeeded! Microsoft Windows XP Version 5.1.2600 C Copyright 1985-2001 Microsoft Corp. C:\ScadaTEC\ModbusTagServer\Projects 'The reason they...
ScadaTEC ModbusTagServer / ScadaPhone Buffer Overflow
mrme@neptune scadatec$ php zip.php -t modbustagserver mrme@neptune scadatec$ nc -v 192.168.114.141 4444 Connection to 192.168.114.141 4444 port tcp/krb524 succeeded! Microsoft Windows XP Version 5.1.2600 C Copyright 1985-2001 Microsoft Corp. C:\ScadaTEC\ModbusTagServer\Projects 'The reason they...
ScadaTEC ScadaPhone <= v5.3.11.1230 Stack Buffer Overflow
Exploit for windows platform in category local exploits $Id: scadaphonezip.rb 13728 2011-09-13 20:10:28Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on...
ScadaTEC ModbusTagServer & ScadaPhone (.zip) Buffer Overflow (0day)
Exploit for windows platform in category local exploits mrme@neptune scadatec$ php zip.php -t modbustagserver mrme@neptune scadatec$ nc -v 192.168.114.141 4444 Connection to 192.168.114.141 4444 port tcp/krb524 succeeded! Microsoft Windows XP Version 5.1.2600 C Copyright 1985-2001 Microsoft...
Scadatec Limited Procyon Telnet Buffer Overflow
Overview ICS-CERT originally released Advisory ICSA-11-216-01P on the US-CERT Portal on August 04, 2011. This web page release was delayed to allow users sufficient time to download and install the update. ICS-CERT has received a report from Knud Højgaard of the nSense Vulnerability Coordination...