This script is Copyright (C) 2007-2017 Tenable Network Security, Inc.
The remote Windows host has an ActiveX control that is affected by a
buffer overflow vulnerability.
The remote host contains the Automated Solutions Modbus TCP Slave
ActiveX control, which allows a PC to emulate a Modbus Serial and / or
TCP slave device.
The version of this control installed on the remote host reportedly
contains a buffer overflow issue with the Modbus/TCP Diagnostic
function (FC8). Using specially-crafted Modbus requests. An
unauthenticated remote attacker may be able to leverage this issue to
execute arbitrary code remotely subject to the privileges of the user
running the MiniHMI.exe program.
See also :
Upgrade to version Automated Solutions Modbus Slave ActiveX Control
version 1.5 or later.
Risk factor :
High / CVSS Base Score : 7.6
CVSS Temporal Score : 5.6
Public Exploit Available : false