Automated Solutions OPC Vulnerability
Act Now · ICS-CERT ICSA-10-322-02A · Aug 21, 2010
Summary
Automated Solutions Modbus/TCP Master OPC Server version 3.0.0 and earlier contains a buffer overflow vulnerability (CWE-119) in Modbus/TCP protocol handling. An attacker can send a specially crafted Modbus/TCP message to cause a buffer overflow, potentially leading to denial of service or remote code execution on the OPC Server. This would disrupt communication between SCADA/HMI systems and field devices.
What this means
What could happen
A buffer overflow in the Modbus/TCP Master OPC Server could allow an attacker with network access to crash the server or potentially execute arbitrary code, interrupting communication between your engineering systems and field devices.
Who's at risk
Water and electric utilities using Automated Solutions Modbus/TCP Master OPC Server (version 3.0.0 and earlier) for communication between SCADA/HMI systems and field devices (PLCs, RTUs, meters) are affected. This is especially critical for organizations relying on this gateway for real-time process monitoring and control.
How it could be exploited
An attacker on the network sends a specially crafted Modbus/TCP message to the OPC Server (typically port 502). The malformed data overflows a buffer in the server process, allowing code execution or denial of service. This would disrupt real-time data flow between your SCADA/HMI systems and PLCs/RTUs in the field.
Prerequisites
- Network access to the OPC Server port (typically TCP 502)
- The OPC Server must be actively listening and processing Modbus/TCP traffic
remotely exploitable · no patch available · buffer overflow (low complexity) · moderate exploit probability (EPSS 43%)
Exploitability
High exploit probability (EPSS 43.0%)
Affected products (1)
Product: Automated Solutions Modbus/TCP Master OPC Server
Affected Versions: ≤ 3.0.0
Fix Status: No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Implement firewall rules to restrict network access to the OPC Server port (TCP 502) to only authorized engineering workstations and control systems
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Isolate or replace the Automated Solutions Modbus/TCP Master OPC Server with a newer product version or alternative vendor solution that receives security updates
Mitigations - no patch available
Automated Solutions Modbus/TCP Master OPC Server (version 3.0.0 and earlier) has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Segment the engineering/OPC network from general corporate networks and untrusted sources
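Where Modbus/TCP traffic toward the server can be inspected (a protocol-aware gateway or a monitoring tap), structurally malformed frames can be flagged in addition to the access restrictions above. The Python check below is an added example, not part of the advisory or any vendor code; it validates only the MBAP header against Modbus/TCP specification limits, because the advisory does not say which field triggers the overflow. The function names and sample frames are constructed, and one frame per captured payload is assumed.

```python
import struct

MBAP_LEN = 7                     # transaction id (2) + protocol id (2) + length (2) + unit id (1)
MAX_ADU = 260                    # largest Modbus/TCP frame the specification allows
MAX_LENGTH_FIELD = MAX_ADU - 6   # length field counts unit id + PDU, so at most 254


def check_frame(frame: bytes) -> list[str]:
    """Return structural problems found in one Modbus/TCP frame (empty list = well-formed)."""
    if len(frame) < MBAP_LEN + 1:
        return ["truncated: shorter than MBAP header plus function code"]
    problems = []
    if len(frame) > MAX_ADU:
        problems.append(f"oversized: {len(frame)} bytes exceeds {MAX_ADU}")
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if proto != 0:
        problems.append(f"protocol id {proto} is not 0 (Modbus)")
    if not 2 <= length <= MAX_LENGTH_FIELD:
        problems.append(f"length field {length} outside 2..{MAX_LENGTH_FIELD}")
    actual = len(frame) - 6      # bytes that follow the length field
    if length != actual:
        problems.append(f"length field {length} does not match {actual} bytes present")
    return problems


def scan(frames: list[bytes]) -> dict[int, list[str]]:
    """Map the index of each suspicious frame to its list of problems."""
    flagged = {}
    for i, frame in enumerate(frames):
        problems = check_frame(frame)
        if problems:
            flagged[i] = problems
    return flagged


# Constructed sample payloads (not captured traffic).
SAMPLES = [
    struct.pack(">HHHBBHH", 1, 0, 6, 1, 3, 0, 10),            # well-formed Read Holding Registers
    struct.pack(">HHHBB", 2, 0, 6, 1, 3) + b"\x00" * 300,     # body far longer than declared
    struct.pack(">HHHBB", 3, 0, 0xFFFF, 1, 3),                # declared length beyond spec limit
    b"\x00\x01\x00",                                          # cut off inside the header
]

if __name__ == "__main__":
    for index, problems in scan(SAMPLES).items():
        print(f"frame {index}: " + "; ".join(problems))
```

Frames flagged this way are candidates for alerting or dropping at the monitoring point; a clean result does not mean a frame is safe for the unpatched server.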
CVEs (1)