For those of you out there that might be running an older version of LiveData’s Protocol Server, there is a vulnerability posted today. This is a denial of service that may lead to arbitrary code execution. There is a patch available for this one.
From Secunia:
Description:
A vulnerability has been reported in LiveData Protocol Server, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.The vulnerability is caused due to an error within the handling of requests for WSDL files. This can be exploited to cause a heap-based buffer overflow via a specially crafted request to the service (default port 8080/TCP).
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in version 5.00.045. Other versions may also be affected.
Solution:
Apply update 500062 or later.
http://www.livedata.com/content/view/46/23/
More on this from FrSIRT. ISOs and any SCADA operator that uses this technology should be on watch for scans on TCP port 8080. Ideally these devices are not accessible from the internet.
Tags: SCADA Security, LiveData, Remote Code Exploit, DoS
