QwikSec

Security Database

CVE

CWE

Training

CVE-2007-1313

Published: Mar 21, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

NETxAutomation NETxEIB OPC Server before 3.0.1300 does not properly validate OLE for Process Control (OPC) server handles, which allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors involving the (1) IOPCSyncIO::Read, (2) IOPCSyncIO::Write, (3) IOPCServer::AddGroup, (4) IOPCServer::RemoveGroup, (5) IOPCCommon::SetClientName, and (6) IOPCGroupStateMgt::CloneGroup functions, which allow access to arbitrary memory. NOTE: the vectors might be limited to attackers with physical access.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_SECTRACK

20070322 [NB07-22] Multiple vulnerabilities in NETxEIB OPC server

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_CERT-VN

http://www.kb.cert.org/vuls/id/MIMG-6XEPXN

x_refsource_CONFIRM

vdb-entry

x_refsource_OSVDB

http://www.neutralbit.com/advisories/NB07-22.txt

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.