This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.
An application running on the remote host is affected by multiple
The remote host is running a version of SCADA Engine BACnet OPC Server
prior to version 2.1.371.24. It is, therefore, affected by multiple
- A heap-based buffer overflow exists in the SOAP web
interface, which a remote attacker, using a specially
crafted packet, can exploit to execute arbitrary code
or crash the service. (CVE-2015-0979)
- An vulnerability exists in 'BACnetOPCServer.exe' due to
not properly sanitizing user-supplied input. A remote
attacker, using format string specifiers, can exploit
this to execute arbitrary code or crash the service.
- An authentication bypass flaw exists in the SOAP web
interface, which allows a remote attacker to read or
write or delete arbitrary database fields.
See also :
Upgrade to SCADA Engine BACnet OPC Server 2.1.371.24 or later.
Risk factor :
High / CVSS Base Score : 9.0