Siemens FactoryLink multiple vulnerabilities

Multiple vulnerabilities in Siemens FactoryLink can be exploited by malicious people to disclose potentially sensitive information, cause a Denial of Service, and compromise a vulnerable system, according to Secunia.

1. A boundary error in the CSService service when creating a log message can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 7580.

2. An input validation error in the CSService service when processing certain commands can be exploited to read arbitrary files via a specially crafted packet containing an absolute path or directory traversal specifiers sent to TCP port 7580.

3. Some boundary errors in vrn.exe when processing certain commands can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 7579.

4. An input validation error in vrn.exe when processing a certain command can be exploited to read arbitrary files via a specially crafted packet containing an absolute path or directory traversal specifiers sent to TCP port 7579.

5. An error in the CSService, connsrv, and datasrv services when processing certain fields within a packet can be exploited to cause a loop within a recursive function and crash the process via a specially crafted packet sent to TCP port 6096 or 7580.

6. An error in the CSService service when processing a certain command can be exploited to access an invalid memory location and crash the process via a specially crafted packet sent to TCP port 7580.

7. A NULL-pointer dereference error in the connsrv service when processing a certain command can be exploited to crash the process via a specially crafted packet sent to TCP port 6096.

The vulnerabilities are reported in version 8.0.1.1473. Other versions may also be affected.

Solution: Restrict access to trusted hosts only (e.g. via network access control lists).
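The advisory's mitigation (trusted hosts only) and the path-based file-read vector in items 2 and 4 can be turned into a simple check over connection logs while a patch is pending. The Python below is an added example, not code from Secunia or Siemens; the log format, the 10.10.5.0/24 allow-list and the 256-byte field threshold are assumptions, since the advisory does not describe the FactoryLink wire format.

```python
import ipaddress
import re

# Service ports named in the advisory and the process listening on each.
FACTORYLINK_PORTS = {6096: "connsrv/datasrv", 7579: "vrn.exe", 7580: "CSService"}
# Hypothetical allow-list of engineering hosts permitted to reach those ports.
TRUSTED_NETS = [ipaddress.ip_network("10.10.5.0/24")]
# Absolute paths (drive letter, UNC, leading slash) or traversal sequences,
# matched per field; the real FactoryLink wire format is not described here.
PATH_RE = re.compile(r"^(?:[A-Za-z]:\\|\\\\|/)|\.\.[\\/]")
# Field length above which an entry is flagged as a possible overflow attempt
# (assumed threshold, not a value from the advisory).
MAX_FIELD = 256
# Constructed log format: "src=<ip> dport=<port> data=<space-separated fields>".
LOG_RE = re.compile(r"^src=(?P<src>\S+) dport=(?P<port>\d+) data=(?P<data>.*)$")


def check_line(line):
    """Return (src, port, reason) findings for one log line; [] if nothing stands out."""
    m = LOG_RE.match(line)
    if not m or int(m["port"]) not in FACTORYLINK_PORTS:
        return []
    src, port = m["src"], int(m["port"])
    service = FACTORYLINK_PORTS[port]
    findings = []
    if not any(ipaddress.ip_address(src) in net for net in TRUSTED_NETS):
        findings.append((src, port, f"untrusted host reached {service}"))
    for field in m["data"].split():
        if PATH_RE.search(field):
            findings.append((src, port, f"path-like field sent to {service}: {field}"))
        if len(field) > MAX_FIELD:
            findings.append((src, port, f"oversized field ({len(field)} bytes) sent to {service}"))
    return findings


def scan(lines):
    """Run check_line over an iterable of log lines and collect all findings."""
    return [f for line in lines for f in check_line(line)]


# Constructed sample traffic, not real captures.
SAMPLE_LOG = [
    "src=10.10.5.3 dport=7580 data=LOG hello",                       # trusted, benign
    "src=192.0.2.44 dport=7580 data=READ ..\\..\\windows\\win.ini",  # untrusted + traversal
    "src=10.10.5.7 dport=7579 data=GET C:\\flink\\config.ini",       # trusted, absolute path
    "src=10.10.5.7 dport=7579 data=CMD " + "A" * 600,                # trusted, oversized field
    "src=198.51.100.9 dport=6096 data=HELLO",                        # untrusted only
    "src=10.10.5.3 dport=443 data=irrelevant",                       # not a FactoryLink port
]
```

Running `scan(SAMPLE_LOG)` yields five findings: the untrusted source on port 7580 and its traversal field, the absolute path on 7579, the oversized field on 7579, and the untrusted source on 6096.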
