DNP3 Protocol - Outstation Server Simulator, Client Master Simulator, Source Code for Windows and Linux (ARM) -C, C++, C# .NET Programming - Complete Implementation including file transfer
Home Page: http://www.freyrscada.com/dnp3-ieee-1815.php
When file transfer support is enabled, the application fails to parse overly long directory names.
0:001> g
ModLoad: 76000000 76083000 C:\Windows\system32\CLBCatQ.DLL
ModLoad: 72860000 728b8000 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
ModLoad: 74f80000 74fbc000 C:\Windows\system32\mswsock.dll
ModLoad: 74ad0000 74ad5000 C:\Windows\System32\wshtcpip.dll
(a40.6c0): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=032cfefc ebx=01cd5240 ecx=00000000 edx=41414141 esi=00000002 edi=032cfe60
eip=0046d618 esp=032cfd44 ebp=032cfd54 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206
*** WARNING: Unable to verify checksum for C:\Program Files\FreyrSCADA Embedded Solution\DNP3 Client-Master Simulator\FreyrDNPClientSim.exe
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\FreyrSCADA Embedded Solution\DNP3 Client-Master Simulator\FreyrDNPClientSim.exe -
FreyrDNPClientSim!Unit9Finalize+0x33614:
0046d618 8b4af8 mov ecx,dword ptr [edx-8] ds:0023:41414139=????????
0:004> !exchain
032cfeb8: 41414141
Invalid exception stack at 41414141
0:004> g
(a40.6c0): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=00000000 ecx=41414141 edx=774371cd esi=00000000 edi=00000000
eip=41414141 esp=032cf818 ebp=032cf838 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
41414141 ?? ???
0:004> !exploitable
Exploitability Classification: EXPLOITABLE
Recommended Bug Title: Exploitable - Read Access Violation at the Instruction Pointer starting at Unknown Symbol @ 0x0000000041414141 called from ntdll!RtlRaiseStatus+0x00000000000000b4 (Hash=0x3c79292c.0x49336407)
Access violations at the instruction pointer are exploitable if not near NULL.
0:004> lmvm FreyrDNPClientSim
start end module name
00400000 007dd000 FreyrDNPClientSim C (export symbols) C:\Program Files\FreyrSCADA Embedded Solution\DNP3 Client-Master Simulator\FreyrDNPClientSim.exe
Loaded symbol image file: C:\Program Files\FreyrSCADA Embedded Solution\DNP3 Client-Master Simulator\FreyrDNPClientSim.exe
Image path: C:\Program Files\FreyrSCADA Embedded Solution\DNP3 Client-Master Simulator\FreyrDNPClientSim.exe
Image name: FreyrDNPClientSim.exe
Timestamp: Sat Feb 08 21:24:49 2020 (5E3F8991)
CheckSum: 00000000
ImageSize: 003DD000
File version: 21.4.22.0
Product version: 21.4.22.0
File flags: 2 (Mask 3F) Pre-release
File OS: 4 Unknown Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04e4
CompanyName: FreyrSCADA
ProductName: DNP3 Client / Master Simulator - Demo
InternalName: FreyrDNPClientSim.exe
OriginalFilename: FreyrDNPClientSim.exe
ProductVersion: 21.04.022
FileVersion: 21.4.22.0
FileDescription: DNP3 Client Simulator - Demo
LegalCopyright: ©2020, www.freyrscada.com, All Rights Reserved
LegalTrademarks: FreyrSCADA
Comments: DNP3 Client / Master Simulator - Demo
Is there a point of contact handling security vulnerabilities? We issued an email on 2020-10-22 regarding security vulnerability affecting FreyrSCADA IEC-60879-5-104 server and to date have not received a response.
If there's a way to mark this issue private for security purposes, we can also submit the advisory in GitHub.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.