Stack-based Buffer Overflow in Siemens Scalance S Security Module Firewall
CVE-2012-1800

Currently unrated

Key Information:

Vendor: Siemens
Status: Scalance S Firmware; Scalance S602; Scalance S612; Scalance S613
Vendor: CVE Published:; 18 April 2012

Summary

A critical stack-based buffer overflow vulnerability exists in the Profinet DCP protocol implementation on selected Siemens Scalance S Security Modules. This flaw affects the S602 V2, S612 V2, and S613 V2 models with firmware versions earlier than 2.3.0.3. Remote attackers can exploit this vulnerability by sending crafted DCP frames, which could lead to device outages or unauthorized execution of arbitrary code, compromising network integrity and operation.

References

http://support.automation.siemens.com/WW/view/en/59869684

x_refsource_CONFIRM

http://www.siemens.com/corporate-technology/pool/de/forsc...

x_refsource_CONFIRM

http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-05...

x_refsource_MISC

Timeline

Vulnerability published
Apr 18, 2012
Vulnerability Reserved
Mar 21, 2012