Buffer overflow in Schneider-electric Interactive_graphical_scada_system

CVE-2013-0657

Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does not comply with a protocol.

Vulnerability class: Buffer Overflow

EPSS: 0.614 (98.4th percentile) — read the EPSS interpretation.

Affected products

Schneider-electric Interactive_graphical_scada_system — versions 9.0
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

ics-cert@hq.dhs.gov (US Government Resource, Patch, x_refsource_MISC)
45218 (exploit, x_refsource_EXPLOIT-DB)
ics-cert@hq.dhs.gov (x_refsource_CONFIRM, Patch)
ics-cert@hq.dhs.gov (x_refsource_CONFIRM, Patch)