CVE-2013-0662

Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
schneider-electricconcept
𝑥
≤ 2.6
schneider-electricmodbus_serial_driver
1.10
schneider-electricmodbus_serial_driver
2.2
schneider-electricmodbus_serial_driver
3.2
schneider-electricmodbuscommdtm_sl
𝑥
≤ 2.1.2
schneider-electricopc_factory_server
𝑥
≤ 3.5.0
schneider-electricopc_factory_server
3.34
schneider-electricopc_factory_server
3.35
schneider-electricpl7
𝑥
≤ 4.5
schneider-electricpowersuite
𝑥
≤ 2.6
schneider-electricsft2841
𝑥
≤ 14.0
schneider-electricsft2841
13.1
schneider-electricsomachine
𝑥
≤ 3.1
schneider-electricsomachine
2.0
schneider-electricsomachine
3.0
schneider-electricsomove
𝑥
≤ 1.7
schneider-electrictwidosuite
𝑥
≤ 2.31.04
schneider-electricunity_pro
𝑥
≤ 7.0
schneider-electricunity_pro
6.0
schneider-electricunityloader
𝑥
≤ 2.3
schneider_electricsomachine
3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01
http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01
http://www.securityfocus.com/bid/66500
https://www.exploit-db.com/exploits/45219/
https://www.exploit-db.com/exploits/45220/
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01
http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01
http://www.securityfocus.com/bid/66500
https://www.exploit-db.com/exploits/45219/
https://www.exploit-db.com/exploits/45220/