Stack-based Buffer Overflow in Schneider Electric's Interactive Graphical SCADA System
CVE-2013-0657

Currently unrated

Key Information:

Vendor: Schneider Electric
Status: Interactive Graphical Scada System
Vendor: CVE Published:; 21 January 2013

Summary

The Interactive Graphical SCADA System (IGSS) from Schneider Electric is susceptible to a stack-based buffer overflow. This vulnerability enables remote attackers to execute arbitrary code by sending malformed data to TCP port 12397, which violates the expected protocol standards. Effective safeguards and timely updates are crucial to mitigate potential exploitation.

References

http://www.us-cert.gov/control_systems/pdf/ICSA-13-018-01...

x_refsource_MISC

https://www.exploit-db.com/exploits/45218/

exploitx_refsource_EXPLOIT-DB

http://igss.schneider-electric.com/igss/igssupdates/v100/...

x_refsource_CONFIRM

EPSS Score

59% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 21, 2013
Vulnerability Reserved
Dec 19, 2012