Remote Code Execution Vulnerability in Siemens SiPass Integrated Server
CVE-2012-5409

Currently unrated

Key Information:

Vendor: Siemens
Status: Sipass Integrated
Vendor: CVE Published:; 1 November 2012

What is CVE-2012-5409?

The AscoServer.exe component of Siemens SiPass Integrated MP2.6 and earlier is susceptible to a critical vulnerability that arises from improper handling of IOCP RPC messages over Ethernet networks. This flaw enables remote attackers to manipulate memory locations, potentially executing arbitrary code through crafted messages. Attack vectors include arbitrary pointer dereference and buffer overflow techniques, posing significant risks to the integrity and security of the affected systems.

References

http://secunia.com/advisories/50900

third-party-advisoryx_refsource_SECUNIA

http://ics-cert.us-cert.gov/advisories/ICSA-12-305-01

x_refsource_MISC

http://www.osvdb.org/86129

vdb-entryx_refsource_OSVDB

EPSS Score

35% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 1, 2012
Vulnerability Reserved
Oct 17, 2012