CVE-2013-0662

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 01-04-2014 08:17

Last modified: - 03-02-2022 02:57

Total changes: - 4

Description

Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:C/I:C/A:C

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Privileges required

Scope

User interaction

9.3

Base score

8.6

10.0

Exploitability score

Impact score

Verification logic

vendor=schneider-electric AND product=concept AND update=sr7 AND versionEndIncluding=2.6

vendor=schneider-electric AND product=modbus_serial_driver AND version=1.10

vendor=schneider-electric AND product=modbus_serial_driver AND version=2.2

vendor=schneider-electric AND product=modbus_serial_driver AND version=3.2

vendor=schneider-electric AND product=modbuscommdtm_sl AND versionEndIncluding=2.1.2

vendor=schneider-electric AND product=opc_factory_server AND versionEndIncluding=3.5.0

vendor=schneider-electric AND product=opc_factory_server AND version=3.34

vendor=schneider-electric AND product=opc_factory_server AND version=3.35

vendor=schneider-electric AND product=pl7 AND update=sp7 AND versionEndIncluding=4.5

vendor=schneider-electric AND product=powersuite AND versionEndIncluding=2.6

vendor=schneider-electric AND product=sft2841 AND version=13.1

vendor=schneider-electric AND product=sft2841 AND versionEndIncluding=14.0

vendor=schneider-electric AND product=somachine AND version=2.0

vendor=schneider-electric AND product=somachine AND version=3.0 AND update=-

vendor=schneider-electric AND product=somachine AND versionEndIncluding=3.1

vendor=schneider-electric AND product=somove AND versionEndIncluding=1.7

vendor=schneider-electric AND product=twidosuite AND versionEndIncluding=2.31.04

vendor=schneider-electric AND product=unity_pro AND version=6.0

vendor=schneider-electric AND product=unity_pro AND versionEndIncluding=7.0

vendor=schneider-electric AND product=unityloader AND versionEndIncluding=2.3

vendor=schneider_electric AND product=somachine AND version=3.0 AND software_edition=xs

Reference

http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01
66500-Third Party Advisory, VDB Entry
45220-Exploit, Third Party Advisory, VDB Entry
45219-Exploit, Third Party Advisory, VDB Entry

Keywords

CVE-2013-0662

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2013-0662

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures