October 6, 2011

Independent security researchers Billy Rios and Terry McCorkle have found a vulnerability within a third-party product of the Unitronics UniOPC Server.

UniOPC is prone to a remote code-execution vulnerability because it fails to properly sanitize input from a third-party plugin - IP*Works! SSL ActiveX control (https50.ocx).

An attacker may leverage this issue to execute arbitrary code on a system running an affected version of the vulnerable product; failed attacks may cause denial-of-service conditions.

UniOPC prior to 2.0.0 is vulnerable; other versions may also be affected.

SCADAhacker comment:
Billy Rios and Terry McCorkle presented at DerbyCon 2011 a session entitled "100 Bugs in 100 Days: An Analysis of ICS (SCADA) Software". You can view the presentation by clicking here.

ICSA-11-279-03A
ICSA-11-279-03

Unitronics Home Page
IP*Works! SSL Product Info
Software Updates

No public exploit is available at this time.

Not available at this time.

IBM Internet Security Systems #70402
Open-Source Vulnerability Database #76267
Secunia Advisory #45601
Secunia Vulnerability Report and Statistics on Unitronics OPC Server 1.x
Security Focus Vulnerability Info and Exploit Bugtraq ID 50003

UniOPC Server Vulnerabilities (ISSSource)