Schneider CitectSCADA / Mitsubishi MX4 SCADA Batch Server Buffer Overflow Vulnerability
November 8, 2011
Researcher Kuang-Chun Hung of Taiwan’s Information and
Communication Security Technology Center (ICST) has reported
a buffer overflow affecting Mitsubishi MX4 Supervisory
Control and Data Acquisition (SCADA). Upon further
investigation, MX4 SCADA was found to be a version of
CitectSCADA, a product offered by Schneider Electric.
A buffer overflow vulnerability resides in a third-party
component used by the CitectSCADA and MX4 SCADA Batch
products. The vulnerability is caused by a boundary error
in the batch module when handling the logon sequence and
can be exploited to cause a buffer overflow via an overly
long string. Successful exploitation of this vulnerability
could allow an attacker to execute arbitrary code.
The following products and versions are affected:
- CitectSCADA V7.10 and prior using the CitectSCADA Batch Server module.
- Mitsubishi MX4 SCADA V7.10 and prior using the MX4 SCADA Batch module.