CVE-2008-2474

Current Description

Buffer overflow in x87 before 3.5.5 in ABB Process Communication Unit 400 (PCU400) 4.4 through 4.6 allows remote attackers to execute arbitrary code via a crafted packet using the (1) IEC60870-5-101 or (2) IEC60870-5-104 communication protocol to the X87 web interface.

Evaluator Description

This issue is corrected in version 3.5.5 of the x87 executable. To obtain a patch or upgrade software, please contact your vendor. The x87 executable is considered obsolete in newer versions of the PCU 400 and should be replaced by the newer x88 or x89 executable where applicable. Link to contact information: http://www.abb.com/industries/db0003db004333/c12573e7003305cbc1257074003d0702.aspx?productLanguage=us&country=US&tabKey=Contacts

Basic Data

Published: September 29, 2008
Last Modified: October 11, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-119
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 10.0
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
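    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Hardware | Abb | Pcu400 | 4.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Abb | Pcu400 | 4.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Abb | Pcu400 | 4.6 | * | * | * | * | * | * | * | | | | |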

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Abb | Pcu400 | 4.4, 4.5, 4.6 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| 32047 | SECUNIA | http://secunia.com/advisories/32047 | |
| 4320 | SREASON | http://securityreason.com/securityalert/4320 | |
| VU#343971 | CERT-VN | http://www.kb.cert.org/vuls/id/343971 | US Government Resource |
| http://www.kb.cert.org/vuls/id/CTAR-7JTNRX | CONFIRM | http://www.kb.cert.org/vuls/id/CTAR-7JTNRX | |
| 20080925 C4 Security Advisory - ABB PCU400 4.4-4.6 Remote Buffer Overflow | BUGTRAQ | http://www.securityfocus.com/archive/1/496739/100/0/threaded | |
| 31391 | BID | http://www.securityfocus.com/bid/31391 | |