LiveData Server Multiple Remote Vulnerabilities
Critical Nessus Plugin ID 25147
Synopsis
The remote host is running a SCADA server that is vulnerable to remote code execution and denial of service attacks.
Description
The remote host is running a version of the LiveData ICCP server that is older than version 5.00.62. Such versions are affected by the following vulnerabilities:
- A heap overflow vulnerability can be triggered when processing malformed WSDL files via TCP, leading to arbitrary code execution with the privileges of the remote service. (CVE-2007-2489)
- A denial of service attack is possible using specially crafted Connection-Oriented Transport Protocol (COTP) packets. (CVE-2007-2490)
Solution
Upgrade to LiveData Server release 5.00.62 or later.