Date: October 27, 2011
Subject: DoS vulnerability in CSWorks LiveData Service
Versions: 2.0.4115.0 and earlier
Summary: Remote attackers can perform a denial of service(software crash).
CSWorks LiveData Service 2.0.4115.0 and earlier allows remote attackers to cause a denial of service after sending crafted TCP
packets. Isolating communication between CSWorks LiveData Service and web servers that accept requests from client applications mitigates the issue.
CSWorks 2.0.4115.1 has been issued as security release to correct the defect. CSWorks administrators running affected versions are advised to upgrade to 2.0.4115.1 as soon as possible. The security release can be downloaded from CSWorks web site http://www.controlsystemworks.com/DownloadDescription.aspx.
The vulnerability was reported by Kuang-Chun Hung, Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3996 (will be available after confirmation by MITRE)
http://jvn.jp/en/jp/JVN98649286/index.html (will be available after confirmation by JPCERT/CC)