Update Protection against Siemens Tecnomatix FactoryLink SCADA CSService GetFileInfo Buffer Overflow
| Check Point Reference: | CPAI-2011-276 | |
| Date Published: | ||
| Severity: | ||
| Source: | Check Point IPS Research Team | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Siemens Tecnomatix FactoryLink SCADA 8.0.1.1473 and prior | ||
| Vulnerability Description A buffer overflow vulnerability have been reported in Siemens Tecnomatix FactoryLink SCADA system. A remote attacker could exploit this issue by sending a specially crafted CSService GetFileInfo message to the target server. |
||
|
Vulnerability Details The vulnerability is due to a boundary error in Siemens Tecnomatix FactoryLink CSService while handling GetFileInfo requests sent to the server. A remote attacker could exploit this issue by sending a specially crafted CSService GetFileInfo message to the target server. Successful exploitation of this vulnerability would lead to stack buffer overflow that could lead to a denial of service condition and may lead to code injection and execution in the context of the affected server. |
Protection Overview
This protection will detect and block specially crafted CSService GetFileInfo messages to the target server.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection taband select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.