CVE-2008-2639
CVE-2008-2639
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 77.7%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
11 Jun 2008Metasploit module available
16 Jun 2008Published on NVD
14 Nov 2010Public PoC
Weaponization speed
880 daysto first PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
Stack-based buffer overflow in the ODBC server service in Citect CitectSCADA 6 and 7, and CitectFacilities 7, allows remote attackers to execute arbitrary code via a long string in the second application packet in a TCP session on port 20222.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/6387unverifiedexploitdbwww.exploit-db.com/exploits/16380unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://isc.sans.org/diary.html?storyid=4556http://secunia.com/advisories/30638http://securityreason.com/securityalert/3944http://securitytracker.com/id?1020241https://exchange.xforce.ibmcloud.com/vulnerabilities/42992https://www.exploit-db.com/exploits/6387http://www.coresecurity.com/?action=item&id=2186http://www.kb.cert.org/vuls/id/476345http://www.kb.cert.org/vuls/id/CTAR-7ENQNHhttp://www.securityfocus.com/archive/1/493272/100/0/threadedhttp://www.securityfocus.com/bid/29634http://www.vupen.com/english/advisories/2008/1834/references