Vulnerability Description
AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and earlier does not properly handle IOCP RPC messages received over an Ethernet network, which allows remote attackers to write data to any memory location and consequently execute arbitrary code via crafted messages, as demonstrated by an arbitrary pointer dereference attack or a buffer overflow attack.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Sipass Integrated | <= mp2.6 |
Related Weaknesses (CWE)
References
- http://ics-cert.us-cert.gov/advisories/ICSA-12-305-01
- http://ioactive.com/pdfs/SIEMENS_Sipass_Integrated_Ethernet_Bus_Arbitrary_Pointe
- http://secunia.com/advisories/50900Vendor Advisory
- http://www.osvdb.org/86129
- http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_secVendor Advisory
- http://ics-cert.us-cert.gov/advisories/ICSA-12-305-01
- http://ioactive.com/pdfs/SIEMENS_Sipass_Integrated_Ethernet_Bus_Arbitrary_Pointe
- http://secunia.com/advisories/50900Vendor Advisory
- http://www.osvdb.org/86129
- http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_secVendor Advisory
FAQ
What is CVE-2012-5409?
CVE-2012-5409 is a vulnerability with a CVSS score of 10.0 (HIGH). AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and earlier does not properly handle IOCP RPC messages received over an Ethernet network, which allows remote attackers to write data to...
How severe is CVE-2012-5409?
CVE-2012-5409 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-5409?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Sipass Integrated.