Opto 22

43044 Business Park Drive, Temecula, CA 92590 USA
Local & outside the USA:(951) 695-3000
Toll-Free within the USA:(800) 321-6786
Fax: (951) 695-3095
Email: sales@opto22.com
 
KB84610
Vulnerability in OPC Test Client
Revision:  1.0
Published:  4/7/2015
Applies To
PAC Project Basic
PAC Project Professional
Versions
Problem affects:  
OPC Test Client in R9.4007 and lower
Problem is fixed in version:  
R9.4008

SYMPTOMS

There is a stack buffer overflow bug in older versions of OPC Test Client that can be exploited to execute code through exception handler chain corruption. This vulnerability is identified in the National Vulnerability Database as: CVE-2015-1007. (This link may not be working yet; if not, more information can be found on the ICS-CERT website at: https://ics-cert.us-cert.gov/advisories/ICSA-15-120-01)

How to tell if your OPC Test Client is affected

The OPC Test Client that contains the vulnerability was released with PAC Project versions R9.4007 and lower. We recommend you delete this older client, which looks like this (see steps to delete in the Resolution section, below):

 

RESOLUTION

Opto 22 has resolved this issue. Starting with PAC Project Pro 9.4008, we no longer include an OPC Test Client with PAC Project or the OptoOPCServer.  We have made an alternate test client available (ProSys OPC Client) on our FTP site at ftp://ftp.opto22.com.  Additional details about how to obtain and use the ProSys Test Client are in the updated version of the OptoOPCServer User's Guide, which is installed with the 9.4008 version of PAC Project Pro.

IMPORTANT: If you have the older OPC Test Client, we recommend you delete it from your computer. Follow these steps (steps may vary slightly depending on your version of Windows):

  1. Click the Start button and navigate to Programs > Opto 22 > PAC Project > OptoOPCServer.
  2. Right-click on the OPC Test Client link and choose Delete.
  3. Navigate to Program Files > Opto 22 > PAC Project.
  4. Right-click on the application file opctest.exe and choose Delete.

Relevant Downloads
No relevant downloads have been specified.
Questions? Contact Opto 22 Product Support.
Phone: 800-835-6786 or 951-695-3080
Email: support@opto22.com

DISCLAIMER

This Opto 22 Knowledge Base ('OptoKB') article is intended to provide general technical information on a particular subject or subjects and is not an exhaustive treatment of such subjects. Accordingly, the information in this OptoKB article is not intended to constitute application, design, software, or other professional engineering advice or services. Opto 22 may modify the OptoKB articles at any time. Before making any decision or taking any action which might affect your equipment, you should consult a qualified professional.

OPTO 22 DOES NOT WARRANT THE COMPLETENESS, TIMELINESS, OR ACCURACY OF THE DATA CONTAINED IN THIS OPTOKB ARTICLE AND MAY MAKE CHANGES THERETO AT ANY TIME AT ITS SOLE DISCRETION WITHOUT NOTICE. FURTHER, ALL INFORMATION CONVEYED HEREBY IS PROVIDED TO USERS 'AS IS.' IN NO EVENT SHALL OPTO 22 BE LIABLE FOR ANY DAMAGES OF ANY KIND INCLUDING DIRECT, INDIRECT INCIDENTAL, CONSEQUENTIAL, LOSS PROFIT, OR DAMAGE, EVEN IF OPTO 22 HAS BEEN ADVISED ON THE POSSIBILITY OF SUCH DAMAGES.

OPTO 22 DISCLAIMS ALL WARRANTIES WHETHER EXPRESSED OR IMPLIED WITH RESPECT TO THE INFORMATION (INCLUDING HARDWARE, SOFTWARE, AND/OR FIRMWARE) PROVIDED HEREBY, INCLUDING THE IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTIBILITY, AND NON-INFRINGEMENT. Note that certain jurisdictions do not sanction the exclusion of implied warranties: thus, this disclaimer may not apply to you.

Copyright © 2017 Opto 22. All rights reserved.

My.Opto22

All Opto22

Request Information
  • FREE Product Brochure
  • Product Demonstration
  • PreSales Engineering Assistance

Opto 22 Product Support

Opto 22 Product Support is FREE Monday through Friday 7 a.m. to 5 p.m. Pacific Time

Product Support Numbers:

Local: (951) 695-3080
Toll-Free: (800) 835-6786
Fax: (951) 695-3017
support@opto22.com

Products

None

Downloads

None

Documents

None