CVE-2010-4740

Name of the Vulnerable Software and Affected Versions SCADA Engine BACnet OPC Client versions prior to 1.0.25

Description The issue is related to a stack-based buffer overflow in the WTclient.dll component, which can be exploited by remote attackers through a crafted .csv file. This exploitation is user-assisted and can lead to the execution of arbitrary code, specifically when related to a status log message.

Recommendations For versions prior to 1.0.25, update to version 1.0.25 or later to resolve the issue. As a temporary workaround, consider restricting the handling of .csv files by the WTclient.dll component until a patch is applied. Avoid using the vulnerable component for logging status messages until the issue is resolved.