Vulnerability Name: | CVE-2008-2474 (CCN-45421) | ||||||||
Assigned: | 2008-09-25 | ||||||||
Published: | 2008-09-25 | ||||||||
Updated: | 2018-10-11 | ||||||||
Summary: | Buffer overflow in x87 before 3.5.5 in ABB Process Communication Unit 400 (PCU400) 4.4 through 4.6 allows remote attackers to execute arbitrary code via a crafted packet using the (1) IEC60870-5-101 or (2) IEC60870-5-104 communication protocol to the X87 web interface. This issue is corrected in version 3.5.5 of the x87 executable. To obtain a patch or upgrade software please contact your vendor. The x87 executable is considered obsolete in newer versions of the PCU 400 and should be replaced by the newer x88 or x89 executable where applicable. Link to contact information: http://www.abb.com/industries/db0003db004333/c12573e7003305cbc1257074003d0702.aspx?productLanguage=us&country=US&tabKey=Contacts | ||||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-119 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: CCN Type: BugTraq Mailing List, Thu Sep 25 2008 - 10:59:42 CDT C4 Security Advisory - ABB PCU400 4.4-4.6 Remote Buffer Overflow Source: MITRE Type: CNA CVE-2008-2474 Source: CCN Type: SA32047 ABB PCU400 X87 Buffer Overflow Vulnerability Source: SECUNIA Type: UNKNOWN 32047 Source: SREASON Type: UNKNOWN 4320 Source: CCN Type: ABB Web site ABB PCU400 Source: CCN Type: US-CERT VU#343971 ABB PCU400 vulnerable to buffer overflow Source: CERT-VN Type: US Government Resource VU#343971 Source: CONFIRM Type: UNKNOWN http://www.kb.cert.org/vuls/id/CTAR-7JTNRX Source: CCN Type: OSVDB ID: 48533 ABB PCU400 X87 Multiple IEC Protocol Handling Remote Overflow Source: BUGTRAQ Type: UNKNOWN 20080925 C4 Security Advisory - ABB PCU400 4.4-4.6 Remote Buffer Overflow Source: BID Type: UNKNOWN 31391 Source: CCN Type: BID-31391 ABB PCU400 'x87' Remote Buffer Overflow Vulnerability Source: XF Type: UNKNOWN pcu400-x87-bo(45421) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |