CVE-2013-0662 - Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.

CVE-2013-0662

Summary

Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.

References

Vulnerable Configurations

cpe:2.3:a:schneider-electric:concept:2.6:sr7:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:concept:2.6:sr7:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:modbus_serial_driver:1.10:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:modbus_serial_driver:1.10:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:modbus_serial_driver:2.2:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:modbus_serial_driver:2.2:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:modbus_serial_driver:3.2:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:modbus_serial_driver:3.2:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:modbuscommdtm_sl:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:modbuscommdtm_sl:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:opc_factory_server:3.5:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:opc_factory_server:3.5:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:opc_factory_server:3.5.0:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:opc_factory_server:3.5.0:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:opc_factory_server:3.34:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:opc_factory_server:3.34:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:opc_factory_server:3.35:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:opc_factory_server:3.35:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:pl7:4.5:sp7:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:pl7:4.5:sp7:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:powersuite:2.6:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:powersuite:2.6:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:sft2841:13.1:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:sft2841:13.1:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:sft2841:14.0:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:sft2841:14.0:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:somachine:2.0:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:somachine:2.0:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:somachine:3.0:-:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:somachine:3.0:-:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:somachine:-:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:somachine:-:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:somachine:1.4:sp1:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:somachine:1.4:sp1:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:somachine:3.0:*:*:*:xs:*:*:*
cpe:2.3:a:schneider-electric:somachine:3.0:*:*:*:xs:*:*:*
cpe:2.3:a:schneider-electric:somachine:3.1:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:somachine:3.1:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:somove:-:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:somove:-:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:somove:1.7:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:somove:1.7:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:twidosuite:2.31.04:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:twidosuite:2.31.04:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:unity_pro:6.0:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:unity_pro:6.0:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:unity_pro:7.0:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:unity_pro:7.0:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:unityloader:2.3:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:unityloader:2.3:*:*:*:*:*:*:*
cpe:2.3:a:schneider_electric:somachine:3.0:*:*:*:xs:*:*:*
cpe:2.3:a:schneider_electric:somachine:3.0:*:*:*:xs:*:*:*

CVSS

Base:	9.3 (as of 03-02-2022 - 13:57)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	66500
confirm	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01
exploit-db	45219 45220
misc	http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01

Last major update

03-02-2022 - 13:57

Published

01-04-2014 - 06:17

Last modified

03-02-2022 - 13:57