Buffer overflow in Schneider-electric Concept

CVE-2013-0662

Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.

Vulnerability class: Buffer Overflow

EPSS: 0.506 (97.9th percentile) — read the EPSS interpretation.

Affected products

Schneider-electric Concept
Schneider-electric Modbuscommdtm_sl
Schneider-electric Modbus_serial_driver — versions 1.10, 2.2, 3.2
Schneider-electric Opc_factory_server — versions 3.34, 3.35
Schneider-electric Pl7
Schneider-electric Powersuite
Schneider-electric Sft2841 — versions 13.1
Schneider-electric Somachine — versions 2.0, 3.0
Schneider-electric Somove
Schneider-electric Twidosuite

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

References

ics-cert@hq.dhs.gov (x_refsource_CONFIRM, Vendor Advisory)
45219 (Exploit, exploit, Third Party Advisory, VDB Entry, x_refsource_EXPLOIT-DB)
ics-cert@hq.dhs.gov (US Government Resource, Third Party Advisory, x_refsource_MISC, Mitigation)
66500 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
45220 (Exploit, exploit, Third Party Advisory, VDB Entry, x_refsource_EXPLOIT-DB)