Sign-up

ID

VAR-201304-0565


TITLE

Schneider Electric Modbus Family Driver Buffer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2013-03162

DESCRIPTION

The Schneider Electric Group provides products and services in the areas of energy and infrastructure, industry, data centers and networks, buildings and homes. Multiple Schneider Electric multiple products. The Modbus series driver has a buffer overflow vulnerability when parsing a project in "Programming" mode, which can be exploited to cause a buffer overflow. Successful exploitation allows arbitrary code execution. Exploiting this vulnerability requires enticing users to open malicious project files. Multiple Schneider Electric products are prone to a local buffer-overflow vulnerability because they fail to properly validate user-supplied input before copying it into a fixed-length buffer. Failed exploit attempts will result in a denial-of-service condition. The following products are vulnerable: TwidoSuite versions 2.31.04 and prior PowerSuite versions 2.6 and prior SoMove versions 1.7 and prior SoMachine versions 2.0, 3.0, 3.1, and 3.0 XS Unity Pro versions 7.0 and prior UnityLoader versions 2.3 and prior Concept versions 2.6 SR7 and prior ModbusCommDTM sl versions 2.1.2 and prior PL7 versions 4.5 SP5 and prior SFT2841 version 14 and versions 13.1 and prior OFS versions 3.50 and prior

Trust: 0.81

sources: CNVD: CNVD-2013-03162 // BID: 58999

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-03162

AFFECTED PRODUCTS

vendor:schneidermodel:electric conceptscope: - version: -

Trust: 0.6

vendor:schneidermodel:electric modbuscommdtm slscope:eqversion:2.x

Trust: 0.6

vendor:schneidermodel:electric powersuitescope:eqversion:2.x

Trust: 0.6

vendor:schneidermodel:electric unityloaderscope:eqversion:2.x

Trust: 0.6

vendor:schneidermodel:electric twidosuitescope:eqversion:2.x

Trust: 0.6

vendor:schneidermodel:electric unity proscope:eqversion:6.0

Trust: 0.3

vendor:schneidermodel:electric unity proscope:eqversion:6

Trust: 0.3

vendor:schneidermodel:electric pl7 proscope:eqversion:4.5

Trust: 0.3

sources: CNVD: CNVD-2013-03162 // BID: 58999

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2013-03162
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2013-03162
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2013-03162

THREAT TYPE

local

Trust: 0.3

sources: BID: 58999

TYPE

Boundary Condition Error

Trust: 0.3

sources: BID: 58999

EXTERNAL IDS

db:SCHNEIDERid:SEVD-2013-070-01

Trust: 0.9

db:SECUNIAid:52821

Trust: 0.6

db:CNVDid:CNVD-2013-03162

Trust: 0.6

db:BIDid:58999

Trust: 0.3

sources: CNVD: CNVD-2013-03162 // BID: 58999

REFERENCES

url:http://download.schneider-electric.com/files?p_file_id=47991052&p_file_name=sevd-2013-070-01.pdf

Trust: 0.9

url:http://secunia.com/advisories/52821/

Trust: 0.6

url:http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true

Trust: 0.3

sources: CNVD: CNVD-2013-03162 // BID: 58999

CREDITS

Carsten Eiram

Trust: 0.3

sources: BID: 58999

SOURCES

db:CNVDid:CNVD-2013-03162
db:BIDid:58999

LAST UPDATE DATE

2022-05-17T01:37:06.747000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2013-03162date:2013-05-28T00:00:00
db:BIDid:58999date:2013-03-11T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2013-03162date:2013-04-16T00:00:00
db:BIDid:58999date:2013-03-11T00:00:00