Stack-based Buffer Overflow in Schneider Electric Modbus Serial Driver
CVE-2013-0662

Currently unrated

Key Information:

Vendor: Schneider Electric
Status: Somachine; Concept; Modbus Serial Driver; Sft2841
Vendor: CVE Published:; 1 April 2014

Summary

The Schneider Electric Modbus Serial Driver contains multiple stack-based buffer overflow vulnerabilities in its ModbusDrv.exe component. These vulnerabilities allow remote attackers to execute arbitrary code by sending specially crafted Modbus Application Headers with oversized buffer-size values. Exploitation of this weakness could lead to unauthorized access or manipulation of the system, posing significant security risks. Users of affected versions are advised to apply patches or mitigations to secure their installations.

References

http://download.schneider-electric.com/files?p_Doc_Ref=SE...

x_refsource_CONFIRM

https://www.exploit-db.com/exploits/45219/

exploitx_refsource_EXPLOIT-DB

http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01

x_refsource_MISC

EPSS Score

63% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 1, 2014
Vulnerability Reserved
Dec 19, 2012