CVE-2007-4473

critical

Description

Gesytec Easylon OPC Server before 2.3.44 does not properly validate server handles, which allows remote attackers to execute arbitrary code or cause a denial of service via unspecified network traffic to the OLE for Process Control (OPC) interface, probably related to free operations on arbitrary memory addresses through certain Remove functions, and read and write operations on arbitrary memory addresses through certain Set, Read, and Write functions.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/39062

http://www.securityfocus.com/bid/26876

http://www.neutralbit.com/en/rd/opctest/

http://www.neutralbit.com/downloads/NB-NB-001-EXT-OPC%20Security%20Testing.pdf

http://www.kb.cert.org/vuls/id/205073

http://secunia.com/advisories/28079

http://osvdb.org/42650

Details

Source: Mitre, NVD

Published: 2007-12-17

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.05689