Remote Code Execution Vulnerability in Siemens SiPass Integrated Server
CVE-2012-5409

Currently unrated

Key Information:

Vendor
Siemens
Status
Sipass Integrated
Vendor
CVE Published:
1 November 2012

Summary

The AscoServer.exe component of Siemens SiPass Integrated MP2.6 and earlier is susceptible to a critical vulnerability that arises from improper handling of IOCP RPC messages over Ethernet networks. This flaw enables remote attackers to manipulate memory locations, potentially executing arbitrary code through crafted messages. Attack vectors include arbitrary pointer dereference and buffer overflow techniques, posing significant risks to the integrity and security of the affected systems.

References

http://secunia.com/advisories/50900
third-party-advisoryx_refsource_SECUNIA
http://ics-cert.us-cert.gov/advisories/ICSA-12-305-01
x_refsource_MISC
http://www.osvdb.org/86129
vdb-entryx_refsource_OSVDB

EPSS Score

35% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.