Automated Solutions Modbus Slave MiniHMI.exe ActiveX Modbus/TCP Diagnostic Function Arbitrary Code Execution

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that is affected by a
buffer overflow vulnerability.

Description :

The remote host contains the Automated Solutions Modbus TCP Slave
ActiveX control, which allows a PC to emulate a Modbus Serial and / or
TCP slave device.

The version of this control installed on the remote host reportedly
contains a buffer overflow in its handling of the Modbus/TCP
Diagnostic function (FC8). Using specially crafted Modbus requests, an
unauthenticated remote attacker may be able to leverage this issue to
execute arbitrary code remotely, subject to the privileges of the user
running the MiniHMI.exe program.

See also :

http://dvlabs.tippingpoint.com/advisory/TPTI-07-15
http://archives.neohapsis.com/archives/fulldisclosure/2007-09/0330.html
http://www.automatedsolutions.com/pub/asmbslv/ReadMe.htm

Solution :

Upgrade to Automated Solutions Modbus Slave ActiveX Control version
1.5 or later.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: SCADA

Nessus Plugin ID: 26066

Bugtraq ID: 25713

CVE ID: CVE-2007-4827
