SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-444543920] Digital Canal Structural Wind Analysis

Date Type Platform Author EDB-ID CVE-ID OSVDB-ID Download App SIS Signature
2017-06-06OtherDigital Canal StructuralKarn Ganeshen has identified the vulnerability. N/ACVE-2017-7910 N/AN/AN/A

Source

						
							
								
#
# Digital Canal Structural Wind Analysis
#


### VULNERABLE VENDOR
Digital Canal Structural


### VULNERABLE PRODUCT
Wind Analysis



### RESEARCHER
Karn Ganeshen has identified the vulnerability.



### AFFECTED PRODUCTS

The following versions of Wind Analysis, a structural engineering software platform, are affected:

Wind Analysis versions 9.1 and prior.



### IMPACT

Successful exploitation of this vulnerability could cause the device that the attacker is accessing to become unavailable, resulting in a denial of service.



### VULNERABILITY OVERVIEW

STACK-BASED BUFFER OVERFLOW CWE-121
An attacker may be able to run arbitrary code by remotely exploiting an executable to perform a denial-of-service attack.
CVE-2017-7910 has been assigned to this vulnerability.
A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)





### BACKGROUND

Critical Infrastructure Sector: Commercial Facilities
Countries/Areas Deployed: United States
Company Headquarters Location: Dubuque, Iowa




### MITIGATION

Digital Canal Structural recommends that users upgrade to the latest version of the software, which can be obtained from the following location:

ftp://ftp.digitalcanal.com/CLIENT_SUPPORT/Structural/Products/Wind9/WindV9Setup.exe