xArrow Multiple Denial of Service Vulnerabilities

Summary
This host is running xArrow and is prone to multiple denial of service vulnerabilities.
Impact
Successful exploitation may allow remote attackers to execute arbitrary code or cause the application to crash.
Impact Level: System/Application
Solution
Upgrade to xArrow version 3.4.1 or later. For updates, refer to http://www.xarrow.net/
Insight
- A NULL-pointer dereference error in SCADA.exe due to missing validation when allocating memory can be exploited to cause a crash via a specially crafted packet sent to TCP port 1975.
- An error in SCADA.exe when allocating memory to process certain packets can be exploited to cause limited memory corruption and crash the service via a specially crafted packet sent to TCP port 1975.
- An integer overflow error in SCADA.exe when processing certain packets can be exploited to cause a crash via a specially crafted datagram sent to UDP port 1974.
- An error in SCADA.exe when processing certain packets can be exploited to cause a crash via a specially crafted datagram sent to UDP port 1974.
Affected
xArrow versions before 3.4.1