CVE-2008-2639

high

Description

Stack-based buffer overflow in the ODBC server service in Citect CitectSCADA 6 and 7, and CitectFacilities 7, allows remote attackers to execute arbitrary code via a long string in the second application packet in a TCP session on port 20222.

References

http://isc.sans.org/diary.html?storyid=4556

http://secunia.com/advisories/30638

http://securityreason.com/securityalert/3944

http://securitytracker.com/id?1020241

http://www.coresecurity.com/?action=item&id=2186

http://www.kb.cert.org/vuls/id/476345

http://www.kb.cert.org/vuls/id/CTAR-7ENQNH

http://www.securityfocus.com/archive/1/493272/100/0/threaded

http://www.securityfocus.com/bid/29634

http://www.vupen.com/english/advisories/2008/1834/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/42992

https://www.exploit-db.com/exploits/6387

Details

Source: MITRE

Published: 2008-06-16

Updated: 2018-10-11

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.6

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 4.9

Severity: HIGH