CVE-2012-5409

EUVD-2012-5328
AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and earlier does not properly handle IOCP RPC messages received over an Ethernet network, which allows remote attackers to write data to any memory location and consequently execute arbitrary code via crafted messages, as demonstrated by an arbitrary pointer dereference attack or a buffer overflow attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Common Weakness Enumeration
References
http://ics-cert.us-cert.gov/advisories/ICSA-12-305-01
http://ioactive.com/pdfs/SIEMENS_Sipass_Integrated_Ethernet_Bus_Arbitrary_Pointer_Dereference_V4.pdf
http://secunia.com/advisories/50900
http://www.osvdb.org/86129
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-938777.pdf
http://ics-cert.us-cert.gov/advisories/ICSA-12-305-01
http://ioactive.com/pdfs/SIEMENS_Sipass_Integrated_Ethernet_Bus_Arbitrary_Pointer_Dereference_V4.pdf
http://secunia.com/advisories/50900
http://www.osvdb.org/86129
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-938777.pdf