GE Intelligent Platforms > Support >  KB > KB12458
UA #308556 Buffer Overflow Allows Remote Code Execution
Description

CIMPLICITY 6.1 Security Vulnerabilities reported by C4 to CERT:

Douglas A. Stewart 1/11/2008

UA #308556 Buffer Overflow Allows Remote Code Execution

Sending specially crafted data packets to port 32000 on computers where CIMPLICITY is running can cause the w32rtr.exe process to overflow a buffer. This can cause an unexpected termination of the w32rtr.exe process, or in some situations allow for remote code execution.

GE Fanuc Intelligent Platforms has created fixes that protect against buffer overruns and various other potential anomalous code paths when processing message data in the w32rtr.exe process. When malformed data is encountered messages are logged to the CIMPLICITY system status log so that potential attacks or network problems can be discovered.

The following fixes for this issue are available:

  • CIMPLICITY 6.1 SP6 Hot Fix - 010708_162517_6106
  • CIMPLICITY 7.0 SIM 9
  • CIMPLICITY 6.1 Service Pack 5 - 032008_167067_6105
ProductVersionModule
HMI/SCADA - CIMPLICITY All All

Details
ID: KB12458
Category: Articles
Last Updated: 05/02/08
Date Created: 01/17/08
Status: Published
Attachments: No
Language: English


 


Feedback

The feedback portlet allows users to rate content and share these cumulative ratings with other users.
Overall Rating: 0.88 (402 responses)
Rate this content record (1=lowest, 5=highest)
5
4
3
2
1
Comment