What's new:
- SQL LiveData provider tested with PostgreSQL 9.0.4, npgsql provider 2.0.11.91
- Server: Modbus TCP support
- Client: Modbus thermostat integration demo
Date: October 27, 2011
Subject: DoS vulnerability in CSWorks LiveData Service
Versions: 2.0.4115.0 and earlier
Summary: Remote attackers can perform a denial of service(software crash).
Description
CSWorks LiveData Service 2.0.4115.0 and earlier allows remote attackers to cause a denial of service after sending crafted TCP
packets. Isolating communication between CSWorks LiveData Service and web servers that accept requests from client applications mitigates the issue.
Patch availability
CSWorks 2.0.4115.1 has been issued as security release to correct the defect. CSWorks administrators running affected versions are advised to upgrade to 2.0.4115.1 as soon as possible. The security release can be downloaded from CSWorks web site http://www.controlsystemworks.com/DownloadDescription.aspx.
Credits
The vulnerability was reported by Kuang-Chun Hung, Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3996 (will be available after confirmation by MITRE)
http://jvn.jp/en/jp/JVN98649286/index.html (will be available after confirmation by JPCERT/CC)
What's new:
A minor release. CSWorks installation package now includes a symbol library for building automation industry. Click on the image below to see our online demo.
What's new:
The following video shows CSWorks Windows Phone client in action:
What's new:
- 2-way remote alarm notification: email and SMS
The following video shows CSWorks SMS and email alarm notification in action:
- a user triggers an alarm by closing all intake valves;
- CSWorks Alarm Notification Service detects the active alarm and sends notification email (using SMTP server) and notification SMS (using GSM modem);
- pipeline operator gets notificatons by email and SMS;
- the operator sends acknowledgement SMS to the alarm notification server;
- the alarm gets acknowledged;
- the alarm goes inactive.
What's new:
- Security: item-level authorization, XmlAuthorizationProvider, using User.Identity
- Setup: better component granularity, friendly ASP.NET/IIS dialogs
- Security Demo: now uses LiveData, Alarm and Historical Data
Some people who are willing to try CSWorks have no possibility or desire to install IIS (Internet Information Services). Starting today, to make their lives a bit easier, we offer a special distribution of CSWorks called "CSWorks Light" that does not require IIS. A couple of highlights:
- this distribution uses Microsoft Cassini web server - a very simple and limited-functionality, lightweight alternative to IIS;
- this distribution misses some samples that work with IIS-hosted CSWorks;
- this distribution should not be used in production environment, it is for demo purposes only.
Cassini-based deployment has the following limitations:
- it can host only one ASP.NET application per port;
- it does not support HTTPS;
- it does not support authentication;
- it responds only to localhost requests.
Cassini was designed as a simple tool for debugging .NET applications and it is not officially supported by Microsoft (read full story here), so please do not expect stellar performance and production-grade reliability from CSWorks Light.
The link to CSWorks Light download will be provided in the email you will receive after submitting our download form.