__________________________________________________________
	
						   The U.S. Department of Energy
					   Computer Incident Advisory Capability
							   ___  __ __    _     ___
							  /       |     /_\   /
							  \___  __|__  /   \  \___
				 __________________________________________________________
	
								 INFORMATION BULLETIN
	
								OPC Server Vulnerability
								  [Takebishi 1231207]
	
	March 22, 2007 14:00 GMT                                          Number R-182
	______________________________________________________________________________
	PROBLEM:       The OPC server contains a vulnerability that may allow a remote 
				   attacker to execute arbitrary code or cause a 
				   denial-of-service. 
	PLATFORM:      DeviceXPlorer MELSEC OPC Server 
				   DeviceXPlorer SYSMAC OPC Server 
				   DeviceXPlorer FA-M3 OPC Server 
				   DeviceXPlorer TOYOPUC OPC Server 
				   DeviceXPlorer HIDIC OPC Server 
				   DeviceXPlorer MODBUS OPC Server 
				   "V3.11 Build6 former" and "V3.12 Build1" and "V3.12 Build2" of 
					 the above products. 
				   NETxEIB OPC Server 
	DAMAGE:        May allow a remote attacker to execute arbitrary code or cause 
				   a denial-of-service. 
	SOLUTION:      Upgrade to the appropriate version. 
	______________________________________________________________________________
	VULNERABILITY  The risk is MEDIUM. May allow a remote attacker to execute 
	ASSESSMENT:    arbitrary code or cause a denial-of-service. 
	______________________________________________________________________________
	LINKS: 
	 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/r-182.shtml 
	 ORIGINAL BULLETIN:  http://www.faweb.net/us/opc/1231207.html 
	 ADDITIONAL LINKS:   US-CERT Vulnerability Note VU#926551
						 http://www.kb.cert.org/vuls/id/926551
						 US-CERT Vulnerability Note VU#296593
						 http://www.kb.cert.org/vuls/id/296593
	 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= 
						 CVE-2007-1319 CVE-2007-1313 
	______________________________________________________________________________
	[***** Start Takebishi 1231207 *****]
	
	<Security Notice>The vulnerability of DeviceXPlorer OPC Server
	 
	
	
	
	Mar. 16, 2007
	TAKEBISHI Corporation
	 
	
	SYMPTOM 
	A vulnerability has been pointed out regarding DeviceXPlorer OPC Server. There 
	is a possibility for a remote attacker to access arbitrary memory in the OPC 
	Server via the OPCDA interface, potentially leading to malicious code execution. 
	(Currently, no report of such an incident has reached us.)  
	
	
	
	
	RESOLUTION 
	We have improved the relevant software and have already released "DeviceXPlorer 
	OPC Server V3.12 Build3." Upgrade to the latest version. If you cannot replace 
	the relevant software with the latest version, and even if you have done so, you 
	should strictly configure the RPC settings. Also, control the access permissions 
	when the OPC Server is accessed from OPC Client applications on a different 
	network segment.  
	
	
	
	
	AFFECTED PRODUCTS 
	DeviceXPlorer MELSEC OPC Server
	DeviceXPlorer SYSMAC OPC Server
	DeviceXPlorer FA-M3 OPC Server
	DeviceXPlorer TOYOPUC OPC Server
	DeviceXPlorer HIDIC OPC Server
	DeviceXPlorer MODBUS OPC Server
	"V3.11 Build6 former" and "V3.12 Build1" and "V3.12 Build2" of the above products.  
	
	
	
	
	SUPPORT 
	TAKEBISHI Corporation
	29 Mamedacho Nishikyogoku Ukyoku Kyoto 615-8501, JAPAN
	TEL +81-75-325-2171 / FAX +81-75-325-2273
	Acceptance time 9:00-12:00 / 13:00-17:00 (JP Local Time Zone)
	Email fa-support@takebishi.co.jp
	Contact Person : Ryuji Takeuchi / Masatoshi Ike
	 
	
	
	[***** End Takebishi 1231207 *****]
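
	An added example, not part of the CIAC or Takebishi text: triaging an asset
	inventory against the affected and fixed versions listed in this bulletin.
	Assumptions: versions are recorded in the notice's "V3.12 Build3" form,
	"V3.11 Build6 former" is read as "V3.11 Build6 and earlier", builds at or after
	V3.12 Build3 are treated as fixed, and the host names and inventory are constructed.

```python
import re

# Version format as written in the notice, e.g. "V3.12 Build3".
VERSION_RE = re.compile(r"V(\d+)\.(\d+)\s+Build\s*(\d+)", re.IGNORECASE)

# DeviceXPlorer product families named in the bulletin.
FAMILIES = ("MELSEC", "SYSMAC", "FA-M3", "TOYOPUC", "HIDIC", "MODBUS")

LAST_AFFECTED_311 = (3, 11, 6)           # assumption: "former" means "and earlier"
AFFECTED_312 = {(3, 12, 1), (3, 12, 2)}  # listed explicitly as affected
FIRST_FIXED = (3, 12, 3)                 # release named in RESOLUTION

def classify(product, version):
    """Return 'affected', 'fixed', 'check-vendor', 'unlisted' or 'unparsed'."""
    name = product.upper()
    if "NETXEIB" in name:
        # Listed under PLATFORM, but the bulletin gives no version range for it.
        return "check-vendor"
    if "DEVICEXPLORER" not in name or not any(f in name for f in FAMILIES):
        return "unlisted"
    match = VERSION_RE.search(version)
    if not match:
        return "unparsed"
    v = tuple(int(g) for g in match.groups())
    if v <= LAST_AFFECTED_311 or v in AFFECTED_312:
        return "affected"
    if v >= FIRST_FIXED:
        return "fixed"  # assumption: later builds keep the fix
    # e.g. a V3.11 build above 6: the bulletin does not say either way.
    return "unlisted"

# Constructed sample inventory: (host, product, version string).
INVENTORY = [
    ("hmi-01", "DeviceXPlorer MELSEC OPC Server", "V3.11 Build4"),
    ("hmi-02", "DeviceXPlorer MODBUS OPC Server", "V3.12 Build2"),
    ("hmi-03", "DeviceXPlorer SYSMAC OPC Server", "V3.12 Build3"),
    ("hmi-04", "DeviceXPlorer FA-M3 OPC Server", "V3.11 Build7"),
    ("gw-01", "NETxEIB OPC Server", "unknown"),
]

def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(product, version) for host, product, version in inventory}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

	Hosts reported as "unlisted", "unparsed" or "check-vendor" need a manual check
	against the vendor notice rather than being assumed safe.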
	_______________________________________________________________________________
	
	CIAC wishes to acknowledge the contributions of Takebishi for the 
	information contained in this bulletin.
	_______________________________________________________________________________
	
	
	CIAC, the Computer Incident Advisory Capability, is the computer
	security incident response team for the U.S. Department of Energy
	(DOE) and the emergency backup response team for the National
	Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
	National Laboratory in Livermore, California. CIAC is also a founding
	member of FIRST, the Forum of Incident Response and Security Teams, a
	global organization established to foster cooperation and coordination
	among computer security teams worldwide.
	
	CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
	can be contacted at:
		Voice:    +1 925-422-8193 (7x24)
		FAX:      +1 925-423-8002
		STU-III:  +1 925-423-2604
		E-mail:   ciac@ciac.org
	
	Previous CIAC notices, anti-virus software, and other information are
	available from the CIAC Computer Security Archive.
	
	   World Wide Web:      http://www.ciac.org/
	   Anonymous FTP:       ftp.ciac.org
	
	PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
	communities receive CIAC bulletins.  If you are not part of these
	communities, please contact your agency's response team to report
	incidents. Your agency's team will coordinate with CIAC. The Forum of
	Incident Response and Security Teams (FIRST) is a world-wide
	organization. A list of FIRST member organizations and their
	constituencies can be obtained via WWW at http://www.first.org/.
	
	This document was prepared as an account of work sponsored by an
	agency of the United States Government. Neither the United States
	Government nor the University of California nor any of their
	employees, makes any warranty, express or implied, or assumes any
	legal liability or responsibility for the accuracy, completeness, or
	usefulness of any information, apparatus, product, or process
	disclosed, or represents that its use would not infringe privately
	owned rights. Reference herein to any specific commercial products,
	process, or service by trade name, trademark, manufacturer, or
	otherwise, does not necessarily constitute or imply its endorsement,
	recommendation or favoring by the United States Government or the
	University of California. The views and opinions of authors expressed
	herein do not necessarily state or reflect those of the United States
	Government or the University of California, and shall not be used for
	advertising or product endorsement purposes.
	