Applies To:
  • CitectSCADA

SNMP (Simple Network Management Protocol) Security Issues reported in early 2002

The issue was described as "Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run" .

This issue exists within the server code on the PC actioning SNMP requests, not the Citect SNMP drivers

(the original SNMP and the later SNMPII)


Apply the patches outlined below for your operating system.

In Security Bulletin MS02-006, Microsoft detailed some SNMP vulnerabilities, but only offered a work-around when it was originally released. Since that time, version 2.0 of the document offered a patch for Windows 2000 and XP, version 3.0 fixed up NT 4.0. The latest iteration tells of patch availability for NT 4.0 Terminal Server. Patches are still being developed for Windows 9x/ME, so keep this link handy, as it will be updated further when that happens.

More details on this can be found in Q314147 at;EN-AU;q314147