
AzeoTech DAQFactory NETB Datagram Parsing Buffer Overflow Vulnerabilities

September 13, 2011

Luigi Auriemma has discovered two vulnerabilities in DAQFactory which can be exploited by malicious people to compromise a vulnerable system.

The vulnerabilities are caused by boundary errors when logging client details for received NETB datagrams. They can be exploited to cause stack-based buffer overflows by sending an overly large, specially crafted datagram to UDP port 20034.

Successful exploitation allows execution of arbitrary code.

The vulnerabilities are confirmed in version 5.85 build 1853. Other versions may also be affected.

ICS-CERT Advisories / Alerts

ICSA-11-264-01
ICS-ALERT-11-256-02

Vendor Website (includes Patches / Hotfixes)

Vendor Homepage
DAQFactory Product Info
DAQFactory 5.86 Download

Exploit Proof-of-Concept

Metasploit Framework (windows/scada/daq_factory_bof)
Exploit-DB ID 17855 (Metasploit Module)
Exploit-DB ID 17841
Additional PoC links are available in the disclosure reference by Luigi Auriemma

Common Vulnerabilities and Exposures (CVE) References

CVE-2011-3492

Additional Information

Disclosure (Luigi Auriemma)
Exploit-DB ID 17841
Exploit-DB ID 17855 (Metasploit Module)
Secunia Advisory #45968
Open-Source Vulnerability Database #75496

SCADA Alert: Fixes in Works (ISSSource)
More SCADA Vulnerabilities Hit Industry (ISSSource)