Advisories
As part of our R+D services, Neutralbit often discovers previously unreported security flaws in commercial software and devices. Although most of these vulnerabilities are discovered during a vendor engagement (and thus stay within the boundaries defined in the particular contract) some of our findings are the result of independent research projects.
In these cases Neutralbit follows a responsible disclosure policy, contacting the affected vendor, working to get a solution and eventually publishing an advisory, once the patch has been made available to end-users. Depending on how critical a particular vulnerability is (for instance, in those cases where it involves services running in critical infrastructure)we involve the competent organizations, such ad the CERT/CC or the US-CERT, to sped-up a resolution of the problem.
You can find a complete list of security vulnerabilities published by Neutralbit in the following section.
2007 Advisories
- NB07-07 - Multiple vulnerabilities in Takebishi Electric DeviceXplorer HIDIC OPC server
- NB07-08 - Multiple vulnerabilities in Takebishi Electric DeviceXplorer MELSEC OPC server
- NB07-09 - Multiple vulnerabilities in Takebishi Electric DeviceXplorer FA-M3 OPC server
- NB07-10 - Multiple vulnerabilities in Takebishi Electric DeviceXplorer MODBUS OPC server
- NB07-17 - Multiple vulnerabilities in Takebishi Electric DeviceXplorer SYSMAC OPC server
- NB07-22 - Multiple vulnerabilities in NETxEIB OPC server
2007 Advisories
NB07-07 - Multiple vulnerabilities in Takebishi Electric DeviceXplorer HIDIC OPC server
Published date: 16/03/2007
CVE reference: CVE-2007-1319
US-CERT: VU#926551
The product presents various security vulnerabilities, allowing an attacker with access to the OPC interface to arbitrarily read and write the process memory, leading to the execution of attacker-provided code.
By providing specially crafted OPC handles the attacker can force the server to access arbitrary memory in read/write operations which can be leveraged to execute arbitrary code in the OPC server.
More information can be found here
NB07-08 - Multiple vulnerabilities in Takebishi Electric DeviceXplorer MELSEC OPC server
Published date: 16/03/2007
CVE reference: CVE-2007-1319
US-CERT: VU#926551
The product presents various security vulnerabilities, allowing an attacker with access to the OPC interface to arbitrarily read and write the process memory, leading to the execution of attacker-provided code.
By providing specially crafted OPC handles the attacker can force the server to access arbitrary memory in read/write operations which can be leveraged to execute arbitrary code in the OPC server.
More information can be found here
NB07-09 - Multiple vulnerabilities in Takebishi Electric DeviceXplorer FA-M3 OPC server
Published date: 16/03/2007
CVE reference: CVE-2007-1319
US-CERT: VU#926551
The product presents various security vulnerabilities, allowing an attacker with access to the OPC interface to arbitrarily read and write the process memory, leading to the execution of attacker-provided code.
By providing specially crafted OPC handles the attacker can force the server to access arbitrary memory in read/write operations which can be leveraged to execute arbitrary code in the OPC server.
More information can be found here
NB07-10 - Multiple vulnerabilities in Takebishi Electric DeviceXplorer MODBUS OPC server
Published date: 16/03/2007
CVE reference: CVE-2007-1319
US-CERT: VU#926551
The product presents various security vulnerabilities, allowing an attacker with access to the OPC interface to arbitrarily read and write the process memory, leading to the execution of attacker-provided code.
By providing specially crafted OPC handles the attacker can force the server to access arbitrary memory in read/write operations which can be leveraged to execute arbitrary code in the OPC server.
More information can be found here
NB07-17 - Multiple vulnerabilities in Takebishi Electric DeviceXplorer SYSMAC OPC server
Published date: 16/03/2007
CVE reference: CVE-2007-1319
US-CERT: VU#926551
The product presents various security vulnerabilities, allowing an attacker with access to the OPC interface to arbitrarily read and write the process memory, leading to the execution of attacker-provided code.
By providing specially crafted OPC handles the attacker can force the server to access arbitrary memory in read/write operations which can be leveraged to execute arbitrary code in the OPC server.
More information can be found here
NB07-22 - Multiple vulnerabilities in NETxEIB OPC server
Published date: 16/03/2007
CVE reference: CVE-2007-1313
US-CERT: VU#296593
The product presents various security vulnerabilities, allowing an attacker with access to the OPC interface to arbitrarily read the process memory, potentially leading to the execution of attacker-provided code.
By providing specially crafted OPC handles the attacker can force the server to access arbitrary memory in read operations which can be potentially leveraged to execute arbitrary code in the OPC server.
More information can be found here