← back
CVE-2008-2639

CVE-2008-2639

EPSS 77.7%
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 77.7%KEV nãoPoC públicaNuclei Metasploit simPatch
Lifecycle
11 Jun 2008Metasploit module available
16 Jun 2008Published on NVD
14 Nov 2010Public PoC
Weaponization speed
880 daysto first PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
Stack-based buffer overflow in the ODBC server service in Citect CitectSCADA 6 and 7, and CitectFacilities 7, allows remote attackers to execute arbitrary code via a long string in the second application packet in a TCP session on port 20222.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.