PACTware 4.1 SP3 (4.1.0.42) File Processing Error Handling DoS

medium Nessus Plugin ID 90002

Synopsis

An application running on the remote host is affected by a denial of service vulnerability.

Description

The remote host is running PACTware version 4.1.0.42 SP3. It is, therefore, affected by a denial of service vulnerability due to a file processing error. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted file, resulting in a crash of the application.

Solution

Upgrade to PACTware version 4.1 Service Pack 4 or later.

See Also

https://ics-cert.us-cert.gov/advisories/ICSA-15-176-02

Plugin Details

Severity: Medium

ID: 90002

File Name: scada_pactware_4_1_0_50.nbin

Version: 1.99

Type: local

Agent: windows

Family: SCADA

Published: 3/17/2016

Updated: 11/22/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2015-0989

Vulnerability Information

CPE: cpe:/a:icsgmbh:pactware

Required KB Items: installed_sw/PACTware

Exploit Ease: No known exploits are available

Patch Publication Date: 6/25/2015

Vulnerability Publication Date: 6/25/2015

Reference Information

CVE: CVE-2015-0989

BID: 75429

ICSA: 15-176-02