Vulnerability Description
Core Server HMI Service (Coreservice.exe) in Scadatec Limited Procyon SCADA 1.06, and other versions before 1.14, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password to the Telnet (TCP/23) port, which triggers an out-of-bounds read or write, leading to a stack-based buffer overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Scadatec | Procyon Scada | 1.06 |
Related Weaknesses (CWE)
References
- http://osvdb.org/75371
- http://secunia.com/advisories/45866Vendor Advisory
- http://securityreason.com/securityalert/8374
- http://www.exploit-db.com/exploits/17827Exploit
- http://www.securityfocus.com/bid/49480
- http://www.stratsec.net/Research/Advisories/Procyon-Core-Server-HMI-Remote-Stack
- http://www.uscert.gov/control_systems/pdf/ICSA-11-216-01.pdfUS Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69632
- http://osvdb.org/75371
- http://secunia.com/advisories/45866Vendor Advisory
- http://securityreason.com/securityalert/8374
- http://www.exploit-db.com/exploits/17827Exploit
- http://www.securityfocus.com/bid/49480
- http://www.stratsec.net/Research/Advisories/Procyon-Core-Server-HMI-Remote-Stack
- http://www.uscert.gov/control_systems/pdf/ICSA-11-216-01.pdfUS Government Resource
FAQ
What is CVE-2011-3322?
CVE-2011-3322 is a vulnerability with a CVSS score of 10.0 (HIGH). Core Server HMI Service (Coreservice.exe) in Scadatec Limited Procyon SCADA 1.06, and other versions before 1.14, allows remote attackers to cause a denial of service (crash) and possibly execute arbi...
How severe is CVE-2011-3322?
CVE-2011-3322 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-3322?
Check the references section above for vendor advisories and patch information. Affected products include: Scadatec Procyon Scada.