OTPulse

InduSoft ISSymbol ActiveX Control Buffer Overflow

Act Now · ICS-CERT ICSA-12-249-03 · Jun 9, 2012
Summary

A buffer overflow vulnerability exists in the ISSymbol ActiveX Control used by InduSoft applications. The vulnerability is triggered when a specially crafted input is processed by the control, potentially leading to arbitrary code execution on systems with the control registered. Affected versions include ISSymbol ActiveX Control Build_301.1009.2904.0 and earlier, InduSoft Thin Client 7.0, and Web Studio 7.0B2. AVEVA has not released patches for these products.

What this means
What could happen
A buffer overflow in the ISSymbol ActiveX Control could allow an attacker to execute arbitrary code on engineering workstations or client systems running the vulnerable component, potentially compromising access to InduSoft applications and the connected control systems.
Who's at risk
Engineering staff and operators using InduSoft Thin Client or Web Studio 7.0, particularly those accessing these tools through web-based interfaces on Windows systems. This affects any facility running AVEVA InduSoft applications for process visualization and control on legacy systems.
How it could be exploited
An attacker could craft a malicious web page or document that triggers the buffer overflow when loaded in Internet Explorer on a system with the vulnerable ISSymbol ActiveX Control registered. Successful exploitation would execute arbitrary code with the privileges of the browser process.
Prerequisites
  • ActiveX control must be registered on the target system
  • User must open a malicious web page or document in Internet Explorer
  • ISSymbol ActiveX Control versions Build_301.1009.2904.0 or earlier
no patch available · remotely exploitable via web browser · affects engineering workstations · legacy ActiveX technology · high EPSS score (44.9%)
Exploitability
High exploit probability (EPSS 44.9%)
Affected products (3)
3 EOL
Product | Affected Versions | Fix Status
ISSymbol ActiveX Control: Build_301.1009.2904.0 | Build 301.1009.2904.0 | No fix (EOL)
Thin Client: 7.0 | 7.0 | No fix (EOL)
Web Studio: 7.0B2 | 7.0B2 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Disable or uninstall the ISSymbol ActiveX Control if not actively required for operations
HARDENING: Configure Internet Explorer to disable ActiveX controls or set security zones to block untrusted ActiveX execution
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Restrict access to InduSoft Thin Client and Web Studio to trusted networks only using firewall rules
HARDENING: Segment engineering workstations running InduSoft from general corporate internet access
Mitigations - no patch available
The following products have reached End of Life with no planned fix: ISSymbol ActiveX Control: Build_301.1009.2904.0, Thin Client: 7.0, Web Studio: 7.0B2. Apply the following compensating controls:
HARDENING: Apply Microsoft Internet Explorer security updates and consider transitioning to modern browsers that do not support legacy ActiveX controls
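One way to apply the "disable the control" workaround without uninstalling the product is to set the Internet Explorer kill bit for the control's CLSID, which makes IE refuse to instantiate it from any web page. The script below is an added example, not part of the OTPulse advisory or AVEVA's documentation; the CLSID is a placeholder that must be replaced with the real ISSymbol control CLSID, and the function names are the author's own.

```powershell
# Added example: set and verify the IE kill bit (Compatibility Flags 0x400) for an ActiveX CLSID.
# Run from an elevated PowerShell prompt. The CLSID below is a PLACEHOLDER; replace it with the
# CLSID registered for ISSymbol.ocx on the workstation (look it up under HKCR:\CLSID).
$Clsid = '{00000000-0000-0000-0000-000000000000}'   # placeholder, not the real ISSymbol CLSID
$KillBitFlag = 0x400                                  # COMPAT_EVIL_DONT_LOAD: IE never loads this control

function Test-ControlRegistered {
    param([string]$Clsid)
    # A registered in-process COM server has an InprocServer32 key whose default value is the DLL/OCX path
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    if (Test-Path $key) {
        $dll = (Get-ItemProperty -Path $key).'(default)'
        return [pscustomobject]@{ Registered = $true; Path = $dll }
    }
    return [pscustomobject]@{ Registered = $false; Path = $null }
}

function Set-ActiveXKillBit {
    param([string]$Clsid, [string]$Hive = 'HKLM:\SOFTWARE')
    $path = "$Hive\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    # Preserve any flags already present and OR in the kill bit
    $existing = 0
    $prop = Get-ItemProperty -Path $path -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($prop) { $existing = [int]$prop.'Compatibility Flags' }
    Set-ItemProperty -Path $path -Name 'Compatibility Flags' -Value ($existing -bor $KillBitFlag) -Type DWord
}

function Test-ActiveXKillBit {
    param([string]$Clsid, [string]$Hive = 'HKLM:\SOFTWARE')
    $path = "$Hive\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    $prop = Get-ItemProperty -Path $path -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    return [bool]($prop -and ((([int]$prop.'Compatibility Flags') -band $KillBitFlag) -ne 0))
}

$status = Test-ControlRegistered -Clsid $Clsid
Write-Host "Control registered: $($status.Registered)  Path: $($status.Path)"

# Native hive, plus the Wow6432Node hive so 32-bit IE on 64-bit Windows honours the kill bit too
foreach ($hive in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node') {
    Set-ActiveXKillBit -Clsid $Clsid -Hive $hive
    Write-Host "Kill bit set under ${hive}: $(Test-ActiveXKillBit -Clsid $Clsid -Hive $hive)"
}
```

The kill bit only stops Internet Explorer (and other hosts that honour Compatibility Flags) from loading the control; it does not affect the Thin Client or Web Studio binaries themselves, so the network restrictions above still apply.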