BID:23059

NETXAutomation NETXEIB OPC Server Multiple Arbitrary Code Execution Vulnerabilities

Info

NETXAutomation NETXEIB OPC Server Multiple Arbitrary Code Execution Vulnerabilities

Bugtraq ID:	23059
Class:	Design Error
CVE:	CVE-2007-1313
Remote:	Yes
Local:	No
Published:	Mar 20 2007 12:00AM
Updated:	Mar 22 2007 08:53PM
Credit:	NeultralBit is credited with reporting these issues.
Vulnerable:	NETxAutomation NETxEIB 3.0

Not Vulnerable:	NETxAutomation NETxEIB 3.0.1300

Discussion

NETXAutomation NETXEIB OPC Server Multiple Arbitrary Code Execution Vulnerabilities

NETxAutomation NETxEIB is prone to multiple vulnerabilities that will allow remote attackers to execute arbitrary code on an affected computer.

Successful exploits will allow attacker-supplied arbitrary code to run within the context of the affected server. Failed exploit attempts will likely cause denial-of-service conditions.

Exploit / POC

NETXAutomation NETXEIB OPC Server Multiple Arbitrary Code Execution Vulnerabilities

Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Solution / Fix

NETXAutomation NETXEIB OPC Server Multiple Arbitrary Code Execution Vulnerabilities

Solution:
The vendor has released fixes to address these issues. Please contact the vendor for information on how to obtain and apply updates.

References

NETXAutomation NETXEIB OPC Server Multiple Arbitrary Code Execution Vulnerabilities

References:

NetXAutomation NetxEIB Homepage (NetXAutomation)
[NB07-22] Multiple vulnerabilities in NETxEIB OPC server (Lluis Mora)
Vulnerability Note VU#296593 (US-CERT)