NVD Vulnerability Detail

CVE-2010-4709

Summary	Heap-based buffer overflow in Automated Solutions Modbus/TCP Master OPC Server before 3.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a MODBUS response packet with a crafted length field.
Publication Date	Jan. 29, 2011, 1 a.m.
Registration Date	Jan. 29, 2021, 11:09 a.m.
Last Update	Nov. 21, 2024, 10:21 a.m.

CVSS2.0 : HIGH
Score	7.6
Vector	AV:N/AC:H/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	高
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.7c:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:3.0.0:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.6a:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.0_build_1:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.5:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.1:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.2:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.9.4:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.7:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.6:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.7a:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.8:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.7f:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.4a:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.10:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.9_build_2.9.3:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.9.1:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.12.3:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.3a:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.0:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.6b:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.12:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.9.5:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.7b:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.4:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.2a:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server::::::::		3.0.1
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.3:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.12.1:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.11:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.7e:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.7d:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.0a:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.9:::::::*

Related information, measures and tools

No	URL	タグ
1	http://automatedsolutions.com/pub/asmbtcpopc/readme.htm
2	http://secunia.com/advisories/43029	Vendor Advisory
3	http://www.exploit-db.com/exploits/16040	Exploit
4	http://www.kb.cert.org/vuls/id/768840	US Government Resource
5	http://www.securityfocus.com/bid/45974	Exploit
6	http://www.us-cert.gov/control_systems/pdf/ICSA-10-322-02A.pdf
7	http://www.vupen.com/english/advisories/2011/0209	Vendor Advisory
8	https://exchange.xforce.ibmcloud.com/vulnerabilities/64944
9	http://automatedsolutions.com/pub/asmbtcpopc/readme.htm
10	https://exchange.xforce.ibmcloud.com/vulnerabilities/64944
11	http://www.vupen.com/english/advisories/2011/0209	Vendor Advisory
12	http://www.us-cert.gov/control_systems/pdf/ICSA-10-322-02A.pdf
13	http://www.securityfocus.com/bid/45974	Exploit
14	http://www.kb.cert.org/vuls/id/768840	US Government Resource
15	http://www.exploit-db.com/exploits/16040	Exploit
16	http://secunia.com/advisories/43029	Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

JVN Vulnerability Information

Automated Solutions Modbus/TCP Master OPC Server におけるバッファオーバーフローの脆弱性

Title	Automated Solutions Modbus/TCP Master OPC Server におけるバッファオーバーフローの脆弱性
Summary	Automated Solutions OPC Server の Modbus/TCP Master OPC Server には、Modbus/TCP ヘッダの処理に起因するヒープバッファオーバーフローの脆弱性が存在します。なお、本脆弱性を使用した攻撃コードが公開されています。
Possible impacts	アクセス可能な第三者によって、サービス運用妨害 (DoS) 攻撃を受ける可能性があります。
Solution	[アップデートする] ベンダが提供する情報をもとに最新版へアップデートしてください。なお、本脆弱性は以下のバージョンで修正されています。 Automated Solutions OPC Server の Modbus/TCP Master OPC Server 3.0.2 [ワークアラウンドを実施する] 対策を適用するまでの間、以下の回避策を適用することで、本脆弱性の影響を軽減することが可能です。信頼できない送信元からの製品へのアクセスを制限する
Publication Date	Feb. 7, 2011, midnight
Registration Date	March 3, 2011, 4:32 p.m.
Last Update	March 3, 2011, 4:32 p.m.

Affected System

Automated Solutions, Inc

Automated Solutions Modbus/TCP Master OPC Server バージョン 3.0.0 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-4709	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4709
National Vulnerability Database (NVD)
2	CVE-2010-4709	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4709

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Automated Solutions
1	ReadMe for Automated Solutions' Modbus/TCP OPC Server	http://automatedsolutions.com/pub/asmbtcpopc/readme.htm
2	Software Solutions for HMI and SCADA Developers	http://automatedsolutions.com/demos/demoform.asp?code=17

その他

No	Name	URL
ICS-CERT ADVISORY
1	ICSA-10-322-02A	http://www.us-cert.gov/control_systems/pdf/ICSA-10-322-02A.pdf
JVN
2	JVNVU#768840	http://jvn.jp/cert/JVNVU768840
Secunia Advisory
3	SA43029	http://secunia.com/advisories/43029
SecurityFocus
4	45974	http://www.securityfocus.com/bid/45974
US-CERT Vulnerability Note
5	VU#768840	http://www.kb.cert.org/vuls/id/768840
VUPEN Security
6	VUPEN/ADV-2011-0209	http://www.vupen.com/english/advisories/2011/0209

Change Log

No	Changed Details	Date of change
0	[2011年03月03日] 掲載	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.7c:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:3.0.0:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.6a:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.0_build_1:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.5:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.1:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.2:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.9.4:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.7:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.6:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.7a:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.8:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.7f:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.4a:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.10:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.9_build_2.9.3:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.9.1:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.12.3:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.3a:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.0:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.6b:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.12:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.9.5:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.7b:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.4:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.2a:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server::::::::		3.0.1
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.3:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.12.1:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.11:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.7e:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.7d:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.0a:::::::*
cpe:2.3:a:automatedsolutions:modbus\/tcp_master_opc_server:2.9:::::::*