Open Automation Software OPC Systems.NET Denial-of-Server Vulnerability
October 12, 2011 (updated January 12, 2012)
Luigi Auriemma publicly reported a malformed packet vulnerabilities with RPC
packets in the Open Automation Software's OPC Systems.NET application potentially
creating a denial-of-service situation. Proof-of-concept
(PoC) exploit code accompanied this report.
The vulnerability is exploitable by sending a malformed .NET
Remote Procedure Call (RPC) packet to cause a denial of
service (DoS) through port 58723/tcp, denying service to legitimate users.
ICS-CERT has coodinated this vulnerability with OAS, and an
update is available that resolves this vulnerability. Luigi
Auriemma has tested the update and has confirmed that it
resolves the vulnerability.
All versions of
OPC Systems.NET prior to 5.0 are affected.