Vulnerability Details : CVE-2009-4462
Stack-based buffer overflow in the NetBiterConfig utility (NetBiterConfig.exe) 1.3.0 for Intellicom NetBiter WebSCADA allows remote attackers to execute arbitrary code via a long hn (hostname) parameter in a crafted HICP-protocol UDP packet.
Vulnerability category: Overflow, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2009-4462
Probability of exploitation activity in the next 30 days: 77.80%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 %
CVSS scores for CVE-2009-4462
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
CWE ids for CVE-2009-4462
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-4462
- http://www.vupen.com/english/advisories/2009/3542 (Vendor Advisory)
- http://www.securityfocus.com/archive/1/508449/100/0/threaded
- http://www.kb.cert.org/vuls/id/181737 (US Government Resource)
- http://reversemode.com/index.php?option=com_content&task=view&id=65&Itemid=1 (Exploit)
- http://blog.48bits.com/2009/12/12/exposing-hms-hicp-protocol-0day-light/
- http://www.securityfocus.com/bid/37325
- http://support.intellicom.se/getfile.cfm?FID=150&FPID=85
Products affected by CVE-2009-4462
- cpe:2.3:a:intellicom:netbiterconfig:1.3.0:*:*:*:*:*:*:*
  - When used together with: Intellicom » Netbiter Webscada Ws100
  - When used together with: Intellicom » Netbiter Webscada Ws200