11 September 2018

Buffer overflow vulnerabilities in industrial automation products by Opto22

A critical buffer overflow vulnerability has been identified in Opto22 software products PAC Control Basic and PAC Control Professional. The products are used for industrial automation, industrial process control, building automation, remote monitoring, and industrial internet of things (IIoT) applications in various industrial sectors.

If successfully exploited, the CVE-2017-14026 vulnerability could cause the device being accessed to crash and could then allow remote execution of arbitrary code.

The flaw has been assigned a CVSS v3 base score of 8.4. It affects versions R10.0a and earlier of the software.

To address the issue, the vendor recommends updating the software to the latest version.

Source: ICS-CERT