CVE-2013-0662 - Out-of-bounds Write vulnerability in Schneider-Electric products

CVSS 9.3 - CRITICAL
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, schneider-electric, CWE-787, critical, exploit available

Summary

Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.

Common Weakness Enumeration (CWE)

Exploit-Db

  • description: SEIG Modbus 3.4 - Remote Code Execution. CVE-2013-0662. Remote exploit for Windows_x86 platform
    file: exploits/windows_x86/remote/45220.py
    id: EDB-ID:45220
    last seen: 2018-08-20
    modified: 2018-08-20
    platform: windows_x86
    port:
    published: 2018-08-20
    reporter: Exploit-DB
    source: https://www.exploit-db.com/download/45220/
    title: SEIG Modbus 3.4 - Remote Code Execution
    type: remote
  • description: SEIG Modbus 3.4 - Denial of Service (PoC). CVE-2013-0662. Dos exploit for Windows_x86 platform
    file: exploits/windows_x86/dos/45219.py
    id: EDB-ID:45219
    last seen: 2018-08-20
    modified: 2018-08-20
    platform: windows_x86
    port: 27700
    published: 2018-08-20
    reporter: Exploit-DB
    source: https://www.exploit-db.com/download/45219/
    title: SEIG Modbus 3.4 - Denial of Service (PoC)
    type: dos

Packetstorm

Seebug

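bulletinFamily: exploit
description: Bugtraq ID: 66500. CVE ID: CVE-2013-0662. Schneider Electric provides integrated solutions for the energy and infrastructure, industry, data center and network, building, and residential markets in more than 100 countries. The Modbus Serial driver used by multiple Schneider Electric products listens on TCP port 27700. When a connection is handled, the Modbus Application Header field is read into a buffer first; specifying an oversized buffer size in the header field can trigger a stack-based buffer overflow, and successful exploitation allows arbitrary code execution in the context of the application.
  Affected products:
  • Schneider Electric TwidoSuite Versions 2.31.04
  • Schneider Electric PowerSuite Versions 2.6
  • Schneider Electric SoMove Versions 1.7
  • Schneider Electric SoMachine Versions 2.0, 3.0, 3.1, and 3.0 XS
  • Schneider Electric Unity Pro Versions 7.0
  • Schneider Electric UnityLoader Versions 2.3
  • Schneider Electric Concept Versions 2.6 SR7
  • Schneider Electric ModbusCommDTM sl Versions 2.1.2
  • Schneider Electric PL7 Versions 4.5 SP5
  • Schneider Electric SFT2841 Versions 14, 13.1
  • Schneider Electric OPC Factory Server Versions 3.50
  Users can refer to the following vendor security advisory to obtain a patch that fixes this vulnerability: http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01
id: SSV:62000
last seen: 2017-11-19
modified: 2014-03-31
published: 2014-03-31
reporter: Root
title: Stack-based buffer overflow vulnerability in Schneider Electric products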