By Eduard Kovacs on November 26, 2014
Canada-based industrial connectivity solutions provider MatrikonOPC has released a software update to address a vulnerability affecting OPC Server for DNP3 (Distributed Network Protocol).
MatrikonOPC Server for DNP3 is a Windows application that facilitates connectivity to multiple DNP3 compliant devices, including remote terminal units, meters, and programmable logic controllers. The product is used by organizations in sectors such as chemical and energy, mainly in the United States, the United Kingdom and Canada.
According to an advisory published on Tuesday by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), the product is affected by an unhandled C++ exception that can be exploited remotely to cause a denial-of-service (DoS) loop in the MatrikonOPC Server for DNP3 Windows service. An attacker can cause the OPC server to exit and stop communicating until it's manually restarted.
"An unhandled C++ exception occurs upon receiving a specifically formatted message. The DNP3 process within Windows service crashes, and the service cannot be stopped via services dialog. Restoration of service requires a system reboot," reads the advisory.
full article
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.