cve-2013-0662
Vulnerability from cvelistv5
Published
2014-03-28 19:00
Modified
2024-08-06 14:33
Severity ?
EPSS score ?
Summary
Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01"
},
{
"name": "45219",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45219/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01"
},
{
"name": "66500",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66500"
},
{
"name": "45220",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45220/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-22T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01"
},
{
"name": "45219",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45219/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01"
},
{
"name": "66500",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66500"
},
{
"name": "45220",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45220/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-0662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01",
"refsource": "CONFIRM",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01"
},
{
"name": "45219",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45219/"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01"
},
{
"name": "66500",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66500"
},
{
"name": "45220",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45220/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-0662",
"datePublished": "2014-03-28T19:00:00",
"dateReserved": "2012-12-19T00:00:00",
"dateUpdated": "2024-08-06T14:33:05.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2013-0662\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2014-04-01T06:17:08.240\",\"lastModified\":\"2024-11-21T01:47:57.897\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples desbordamientos de buffer basado en pila en ModbusDrv.exe en Schneider Electric Modbus Serial Driver 1.10 hasta 3.2 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un valor de tama\u00f1o de buffer grande en Modbus Application Header.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:concept:*:sr7:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.6\",\"matchCriteriaId\":\"C59B889A-707B-4AEC-9D7B-84F5F67AF022\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:modbus_serial_driver:1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"002ABE6D-4491-46F4-A412-A3B4CBDBF049\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:modbus_serial_driver:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D807408B-78B5-4E9A-9CCB-D35BFFC968E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:modbus_serial_driver:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C437D283-D2BA-4C57-8A85-70BC94F3E852\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:modbuscommdtm_sl:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.1.2\",\"matchCriteriaId\":\"AB3CD5BD-EDA3-4ABE-87CE-9A1ED11880FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:opc_factory_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.5.0\",\"matchCriteriaId\":\"E7D490C3-FA4F-4434-927A-84DA392D13AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:opc_factory_server:3.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B637B76-2F68-4080-A1EB-5BA45CC2662F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:opc_factory_server:3.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8874360-6B9A-40C3-A95F-8FD18F73244D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:pl7:*:sp7:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.5\",\"matchCriteriaId\":\"494E62B9-52A2-4344-B46A-D633536D8A52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:powersuite:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.6\",\"matchCriteriaId\":\"472AB761-8CDD-421D-A931-8F43E5DBA1A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:sft2841:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"14.0\",\"matchCriteriaId\":\"70B3EAE9-8C2D-4384-A6DD-AC3A86A54047\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:sft2841:13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"291A4B76-9847-4B25-8DB2-4482E8D2B01E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:somachine:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.1\",\"matchCriteriaId\":\"58423C92-AFAA-4BB0-BC7C-019B47F4E881\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:somachine:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DD168A8-F73B-4055-AC6F-A8EAC48C20D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:somachine:3.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"44612FE6-AF0F-4BEE-A0E7-232BE102DAC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:somove:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.7\",\"matchCriteriaId\":\"D4D0F940-028F-4F4B-89DD-88EB239F2BEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:twidosuite:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.31.04\",\"matchCriteriaId\":\"9DA4DF22-8DAD-4A34-B326-AEAEDFF2BEB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:unity_pro:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.0\",\"matchCriteriaId\":\"5D0D3207-EE90-4EBF-B3D3-6255DC2B23A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:unity_pro:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B606E20-4362-455E-84EA-8395880EBCDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:unityloader:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.3\",\"matchCriteriaId\":\"3F9B1196-A188-4985-94E4-ADEA3557AB2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider_electric:somachine:3.0:*:*:*:xs:*:*:*\",\"matchCriteriaId\":\"4B2730EE-D37A-4745-9F07-A9CC378F0573\"}]}]}],\"references\":[{\"url\":\"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/66500\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/45219/\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/45220/\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/66500\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/45219/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/45220/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]}],\"evaluatorImpact\":\"Per: http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01\\n\\n\\\"The following Schneider Electric products bundle the Schneider Electric Modbus Serial Driver (ModbusDrv.exe), which is started when attempting to connect to a Programmable Logic Controller (PLC) via the serial port of a personal computer:\\n\\n TwidoSuite Versions 2.31.04 and earlier,\\n PowerSuite Versions 2.6 and earlier,\\n SoMove Versions 1.7 and earlier,\\n SoMachine Versions 2.0, 3.0, 3.1, and 3.0 XS,\\n Unity Pro Versions 7.0 and earlier,\\n UnityLoader Versions 2.3 and earlier,\\n Concept Versions 2.6 SR7 and earlier,\\n ModbusCommDTM sl Versions 2.1.2 and earlier,\\n PL7 Versions 4.5 SP5 and earlier,\\n SFT2841 Versions 14, 13.1 and earlier, and\\n OPC Factory Server Versions 3.50 and earlier.\\n\\nModbus Serial Driver versions that are affected:\\n\\n Windows XP 32 bit V1.10 IE v37,\\n Windows Vista 32 bit V2.2 IE12,\\n Windows 7 32 bit V2.2 IE12, and\\n Windows 7 64 bit V3.2 IE12.\\\"\"}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.