Detections
Analytics

Sony Network Cameras Heap-based Buffer Overflow (CVE-2007-3488)

critical Tenable OT Security Plugin ID 502749

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29;
SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N before 1.12; and SNC-RX570N/W, SNC-RX570N/B, SNC-RX550N/W, SNC-RX550N/B, SNC-RX530N/W, and SNC-RX530N/B 3.00 and 2.x before 2.31;
allows remote attackers to execute arbitrary code via a long first argument to the PrmSetNetworkParam method.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

http://jvn.jp/en/jp/JVN16767117/041520/index.html

http://jvn.jp/en/jp/JVN16767117/index.html

http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000012.html

http://osvdb.org/39479

http://www.nessus.org/u?4ddac08b

http://www.securityfocus.com/bid/24684

https://exchange.xforce.ibmcloud.com/vulnerabilities/35133

https://www.exploit-db.com/exploits/4120

Plugin Details

Severity: Critical

ID: 502749

Version: 1.2

Type: remote

Family: Tenable.ot

Published: 12/4/2024

Updated: 12/5/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2007-3488

Vulnerability Information

CPE: cpe:/h:sony:sony_network_camera_snc-p5:1.0

Required KB Items: Tenable.ot/Sony

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/29/2007

Vulnerability Publication Date: 6/29/2007

Reference Information

CVE: CVE-2007-3488