CVE-2010-4709
Published 2011-01-28
Priority: P3 (56) · Severity: high · CVSS 2.0: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Exploit: public PoC available · EPSS: 16.20% (96.5th percentile)
Heap-based buffer overflow in Automated Solutions Modbus/TCP Master OPC Server before 3.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a MODBUS response packet with a crafted length field.
Affected
34 CPE ranges indexed; only the one carrying version data is shown. The description places the fix at 3.0.2.
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| automatedsolutions | modbus_tcp_master_opc_server | <= 3.0.1 | 3.0.2 |
Detection & IOCs (extracted from sources)
- bytes (Modbus/TCP response frame quoted from the sources): \x00\x00\x00\x00\x02\x01\x00\x03\x02\x00\x00 (MBAP length field 0x0201 = 513, followed by only 5 bytes: unit id 0x00, function 0x03, byte count 0x02, data 0x0000)
- bytes (Modbus/TCP response frame quoted from the sources): \x00\x00\x00\x00\x02\xb0\x00\x03\x02\x00\x00 (MBAP length field 0x02b0 = 688, followed by the same 5-byte body)
- A crafted Modbus/TCP response with an anomalously large or malformed length field (bytes 5-6 of the MBAP header, i.e. zero-based offsets 4-5, big-endian) should be flagged. A length value such as 0x02b0 (688) in a response that carries only 2 bytes of register data is a strong indicator of exploitation; any MBAP length above 254 (the unit identifier plus a 253-byte PDU) is invalid under the Modbus/TCP specification regardless of the rest of the frame. Because the affected product is a Modbus master, the malicious response comes from a slave endpoint the OPC server polls, or from something impersonating one, not from an inbound connection to the server.
- Monitor the Automated Solutions Modbus/TCP Master OPC Server process for heap corruption events. A heap block modified past its requested size (e.g., 'Heap block at 0035F2D0 modified at 0035F4E7 past requested size of 20f') is a direct indicator of successful exploitation. That message is produced by the Windows debug heap and only appears when heap checking is enabled, for example when the server is launched under a debugger; in production the visible symptom is a crash of the server process.
- The vulnerable code path is at address 0x0040832C (a REP STOS instruction) in the OPC server binary, as observed on the build the PoC was tested against. A crash or anomalous write at this address indicates exploitation of the heap overflow via the crafted length field. REP STOS is a block-fill instruction, so the overwrite at that point is a fill whose size is driven by the oversized length rather than a copy of attacker-supplied bytes. The address is specific to that build and must be re-derived for other versions.
- This vulnerability affects versions prior to 3.0.2. The PoC was tested on version 3 running on Windows.
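To make the length-field check concrete, the following is an added example, not code from the vendor, the PoC or this page's sources: a small Modbus/TCP frame inspector that parses the MBAP header, compares the advertised length with the bytes actually present and with the specification maximum of 254, and cross-checks the byte count of a Read Holding/Input Registers response. It runs over the two frames quoted above and over a constructed benign response; the benign frame and the names Verdict, inspect_adu and scan are this example's own.

```python
import struct
from dataclasses import dataclass, field

MBAP_LEN = 7                    # transaction id(2) + protocol id(2) + length(2) + unit id(1)
MAX_PDU = 253                   # Modbus spec: a PDU is at most 253 bytes
MAX_MBAP_LENGTH = MAX_PDU + 1   # the length field counts unit id + PDU, so 254 at most

# The two response frames quoted in the IOC list on this page.
POC_FRAMES = [
    b"\x00\x00\x00\x00\x02\x01\x00\x03\x02\x00\x00",   # length 0x0201 = 513
    b"\x00\x00\x00\x00\x02\xb0\x00\x03\x02\x00\x00",   # length 0x02b0 = 688
]
# Constructed for this example: a well-formed Read Holding Registers (0x03)
# response returning one register (2 data bytes), so length = unit+fc+bc+data = 5.
BENIGN_FRAME = b"\x00\x01\x00\x00\x00\x05\x01\x03\x02\x00\x00"


@dataclass
class Verdict:
    txn: int
    proto: int
    length: int          # value of the MBAP length field
    unit: int
    function: int
    actual: int          # bytes that really follow the length field
    findings: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.findings)


def inspect_adu(frame: bytes) -> Verdict:
    """Parse one Modbus/TCP ADU and report length-field inconsistencies."""
    if len(frame) < MBAP_LEN + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    txn, proto, length, unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    function = frame[MBAP_LEN]
    actual = len(frame) - 6           # everything after txn/proto/length
    v = Verdict(txn, proto, length, unit, function, actual)

    if proto != 0:
        v.findings.append(f"protocol id {proto:#06x} is not Modbus (0x0000)")
    # Spec bound: holds no matter how many bytes were captured.
    if length > MAX_MBAP_LENGTH:
        v.findings.append(
            f"MBAP length {length} ({length:#06x}) exceeds the spec maximum {MAX_MBAP_LENGTH}")
    # Consistency bound: the header promises a different size than is present.
    if length != actual:
        v.findings.append(
            f"MBAP length {length} does not match the {actual} bytes that follow it")
    # Read Holding (0x03) / Input (0x04) Registers responses carry a byte count.
    if function in (0x03, 0x04) and len(frame) > MBAP_LEN + 1:
        byte_count = frame[MBAP_LEN + 1]
        data_len = len(frame) - (MBAP_LEN + 2)
        if byte_count != data_len:
            v.findings.append(f"byte count {byte_count} != {data_len} data bytes present")
        elif byte_count % 2:
            v.findings.append(f"odd register byte count {byte_count}")
    return v


def scan(frames):
    """Return the verdicts for frames that trip at least one check."""
    return [v for v in map(inspect_adu, frames) if v.suspicious]


if __name__ == "__main__":
    for f in POC_FRAMES + [BENIGN_FRAME]:
        v = inspect_adu(f)
        print(f"{f.hex()}  length={v.length:#06x} ({v.length}) actual={v.actual} "
              f"{'SUSPICIOUS' if v.suspicious else 'ok'}")
        for msg in v.findings:
            print("   -", msg)
```

The spec bound is the one to alert on in a network sensor, since it needs no reassembly: a length above 254 can never be legitimate. The consistency bound is only meaningful on a complete ADU, so on a live TCP stream reassemble first, otherwise a frame split across segments will look short for the wrong reason.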
GHSA
GHSA-386v-w8vv-pcqx (ghsa_unreviewed · 2022-05-17) · CVE-2010-4709 · HIGH · CWE-119
Heap-based buffer overflow in Automated Solutions Modbus/TCP Master OPC Server before 3.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a MODBUS response packet with a crafted length field.
CISA ICS
ICS Advisory ICSA-11-096-01: GLEG Agora SCADA+ Exploit Pack (cisa_ics · last revised September 06, 2018)
Archived content: CISA notes that, in an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
## OVERVIEW
On March 15, 2011, GLEG Ltd. announced the Agora SCADA+ Exploit Pack for Immunity's CANVAS system. CANVAS is a penetration testing framework that is extensible using CANVAS Exploit Packs. On March 25, 2011, GLEG announced it would be adding exploits for the 35 vulnerabilities released by Luigi Auriemma on March 21, 2011. ICS-CERT has not received any reports of this tool being used for an unauthorized compromise of an actual control system installation.
ICS-CERT has prepared t
No detection rules found.
No writeups or analysis indexed.
References
- http://automatedsolutions.com/pub/asmbtcpopc/readme.htm
- http://secunia.com/advisories/43029
- http://www.exploit-db.com/exploits/16040
- http://www.kb.cert.org/vuls/id/768840
- http://www.securityfocus.com/bid/45974
- http://www.us-cert.gov/control_systems/pdf/ICSA-10-322-02A.pdf
- http://www.vupen.com/english/advisories/2011/0209
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64944