OTPulse

xArrow Multiple Vulnerabilities

Low Risk · ICS-CERT ICSA-12-145-02 · Feb 25, 2012
Summary

xArrow software versions prior to 3.4.1 contain multiple buffer overflow and null pointer dereference vulnerabilities (CWE-119, CWE-122, CWE-125, CWE-476). These memory safety issues could allow an attacker to cause denial of service or potentially execute arbitrary code.

What this means
What could happen
An attacker could crash xArrow or potentially run arbitrary commands, disrupting the software's functionality and potentially affecting any automated processes or reporting that depend on it.
Who's at risk
Organizations using xArrow for data collection, reporting, or automation in water and electrical utilities should assess this risk. xArrow is often deployed as a data aggregation or historical logging tool that feeds information to other systems.
How it could be exploited
An attacker would need to send specially crafted input or data to xArrow that triggers one of the buffer overflow or null pointer dereference conditions. The specific attack vector depends on how xArrow accepts input (network connections, file processing, or local data handling).
Prerequisites
  • xArrow version prior to 3.4.1 must be deployed
  • Attacker must be able to reach the xArrow instance or provide malformed input that the software processes
Tags: low-complexity exploitation · memory safety vulnerabilities · affects information management software
Exploitability
Moderate exploit probability (EPSS 2.6%)
Affected products (1)
Product            Affected Versions    Fix Status
xArrow software    <3.4.1               Fixed in 3.4.1
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to xArrow instances using firewall rules to trusted engineering workstations and control systems only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update xArrow to version 3.4.1 or later
Mitigations - no patch available
xArrow software: <3.4.1 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Monitor xArrow logs for unexpected crashes or errors that could indicate exploitation attempts
HARDENING: Verify input validation and error handling in any custom integrations or scripts that feed data to xArrow
API: /api/v1/advisories/65605748-3b82-41e9-872f-5e39549cb630