Optima PLC APIFTP Server Denial Of Service Vulnerabilities Network Vulnerability

Summary

This host is running Optima PLC APIFTP Server and is prone to multiple denial of service vulnerabilities.

Impact

Successful exploitation may allow remote attackers to cause the application to crash, creating a denial of service condition. Impact Level: Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

Multiple errors in the APIFTP Server (APIFTPServer.exe) when handling certain specially crafted packets sent to TCP port 10260 and be exploited to cause a NULL pointer dereference or an infinite loop.

Affected

Optima PLC APIFTP version 2.14.6 and prior

References

http://aluigi.altervista.org/adv/optimalog_1-adv.txt
http://secunia.com/advisories/46830
http://www.osvdb.org/77101
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-03.pdf
http://www.us-cert.gov/control_systems/pdf/ICSA-12-271-02.pdf

Updated on 2017-03-28

Severity

Classification

CVE CVE-2012-5048, CVE-2012-5049
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Google Chrome Multiple Denial of Service Vulnerabilities - January12 (Windows)
Abyss httpd DoS
Dnsmasq Remote Denial of Service Vulnerability
Adobe Flash Player/Air Multiple DoS Vulnerabilities - Aug09 (Win)
Google Chrome Multiple Denial of Service Vulnerabilities - January12 (Linux)

Optima PLC APIFTP Server Denial of Service Vulnerabilities

Take action and discover your vulnerabilities