InduSoft ISSymbol ActiveX Control Buffer Overflow
Low Risk | ICS-CERT ICSA-11-273-02 | Jul 3, 2011
Summary
InduSoft Web Studio versions 7.0 and 7.0B2 contain a buffer overflow vulnerability in the ISSymbol ActiveX control (CWE-119). This control can be triggered via malicious web content loaded in Internet Explorer, leading to arbitrary code execution on the affected workstation with the privileges of the logged-in user.
What this means
What could happen
An attacker could overflow a buffer in the ISSymbol ActiveX control and execute arbitrary code on engineering workstations running InduSoft Web Studio, potentially compromising the ability to safely monitor or modify industrial processes.
Who's at risk
Engineering and operations teams using InduSoft Web Studio 7.0 or 7.0B2 for SCADA/HMI visualization and control on Windows workstations. This affects organizations in utilities, manufacturing, and critical infrastructure that depend on InduSoft for operator interface and process monitoring.
How it could be exploited
An attacker creates a malicious web page or document containing a specially crafted ISSymbol ActiveX control that triggers a buffer overflow when loaded in Internet Explorer on a workstation with InduSoft Web Studio installed. The attacker tricks an engineer into opening the malicious content, allowing code execution in the context of the browser.
Prerequisites
- InduSoft Web Studio 7.0 or 7.0B2 installed on a Windows workstation
- Internet Explorer with ActiveX controls enabled
- Engineer or operator visits attacker-controlled or compromised website, or opens malicious document
- Affects engineering workstations (high-privilege targets)
- ActiveX exploitation vectors are well-known
- No vendor patch available
- Buffer overflow can lead to arbitrary code execution
Exploitability
Moderate exploit probability (EPSS 7.3%)
Affected products (2)
2 pending
Product | Affected Versions | Fix Status
InduSoft Web Studio: 7.0B2_Build:_0301.1009.2904.0000 | 7.0B2 Build: 0301.1009.2904.0000 | No fix yet
InduSoft Web Studio: 7.0_Build:_0301.1102.0303.0000 | 7.0 Build: 0301.1102.0303.0000 | No fix yet
Remediation & Mitigation
Do now
- WORKAROUND: Disable ActiveX controls in Internet Explorer, or restrict ActiveX to trusted sites only
- HARDENING: Block unnecessary outbound connections from engineering workstations to the internet using firewall rules
- HARDENING: Enforce a policy that engineers do not browse untrusted websites from workstations running InduSoft Web Studio
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Evaluate upgrade path to a newer version of InduSoft Web Studio once AVEVA releases patched versions
Long-term hardening
- HARDENING: Isolate engineering workstations on a separate network segment with restricted internet access
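One way to check and apply the "Do now" workaround on a workstation, as an added example that is not part of the advisory or any vendor tooling: the script audits the ActiveX-related URL actions for Internet Explorer's Internet zone for the current user and, with `-Enforce`, sets them to Disable. The Trusted sites zone is left untouched, which matches the "restrict ActiveX to trusted sites only" option; the `-Enforce` switch name is this example's own.

```powershell
# Added example: audit (and optionally disable) ActiveX in IE's Internet zone.
# Per-user settings: run it as the account that actually browses on the workstation.
[CmdletBinding()]
param(
    [switch]$Enforce   # write the Disable value instead of only reporting
)

$Zone    = 3   # 3 = Internet zone (2 = Trusted sites, deliberately not changed)
$Disable = 3   # URL action policy values: 0 = Enable, 1 = Prompt, 3 = Disable
$ZoneKey = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$Zone"

# URL actions that govern ActiveX download and instantiation
$Actions = [ordered]@{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1200' = 'Run ActiveX controls and plug-ins'
    '1201' = 'Initialize and script ActiveX controls not marked as safe'
    '1405' = 'Script ActiveX controls marked safe for scripting'
}

if ($Enforce -and -not (Test-Path $ZoneKey)) {
    New-Item -Path $ZoneKey -Force | Out-Null
}

$report = foreach ($id in $Actions.Keys) {
    # Missing key or value yields $null, reported below as 'not set'
    $current = (Get-ItemProperty -Path $ZoneKey -Name $id -ErrorAction SilentlyContinue).$id
    if ($Enforce -and $current -ne $Disable) {
        Set-ItemProperty -Path $ZoneKey -Name $id -Value $Disable -Type DWord
        $current = $Disable
    }
    [pscustomobject]@{
        Action   = $id
        Meaning  = $Actions[$id]
        Value    = if ($null -eq $current) { 'not set' } else { $current }
        Disabled = ($current -eq $Disable)
    }
}

$report | Format-Table -AutoSize

# Non-zero exit code lets a compliance job flag workstations that still allow ActiveX
if ($report.Disabled -contains $false) { exit 1 }
```

Where zone settings are managed through Group Policy, the policy values take precedence over these per-user keys, so apply the same URL action values in the GPO instead.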
CVEs (1)