KLA10502
Multiple vulnerabilities in BACnet OPC Server
Updated: 06/01/2019
Detect date
?
03/16/2015
Severity
?
Critical
Description

Multiple critical vulnerabilities have been found in BACnet OPC Server. Malicious users can exploit these vulnerabilities to execute arbitrary files and read&write local database.

Below is a complete list of vulnerabilities

  1. An unknwon vulnerabilities can be exploited remotely via unknown vectors related to SOAP web interface;
  2. Heap-based buffer overflow and format string vulnerability can be exploited remotely via a specially designed packet or string.
Affected products

BACnet OPC Server versions earlier than 2.1.371.24

Solution

Update to the latest version!
Get BACnet OPC Server

Impacts
?
ACE 
[?]

OSI 
[?]
CVE-IDS
?
CVE-2015-09817.5Critical
CVE-2015-09799.0Critical
CVE-2015-09809.0Critical