Vulnerability Description
Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Concept | <= 2.6 |
| Schneider-Electric | Modbus Serial Driver | 1.10 |
| Schneider-Electric | Modbuscommdtm Sl | <= 2.1.2 |
| Schneider-Electric | Opc Factory Server | <= 3.5.0 |
| Schneider-Electric | Pl7 | <= 4.5 |
| Schneider-Electric | Powersuite | <= 2.6 |
| Schneider-Electric | Sft2841 | <= 14.0 |
| Schneider-Electric | Somachine | <= 3.1 |
| Schneider-Electric | Somove | <= 1.7 |
| Schneider-Electric | Twidosuite | <= 2.31.04 |
| Schneider-Electric | Unity Pro | <= 7.0 |
| Schneider-Electric | Unityloader | <= 2.3 |
| Schneider Electric | Somachine | 3.0 |
Related Weaknesses (CWE)
References
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01 (Vendor Advisory)
- http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01 (Mitigation, Third Party Advisory, US Government Resource)
- http://www.securityfocus.com/bid/66500 (Third Party Advisory, VDB Entry)
- https://www.exploit-db.com/exploits/45219/ (Exploit, Third Party Advisory, VDB Entry)
- https://www.exploit-db.com/exploits/45220/ (Exploit, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2013-0662?
CVE-2013-0662 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a M...
How severe is CVE-2013-0662?
CVE-2013-0662 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-0662?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Concept, Schneider-Electric Modbus Serial Driver, Schneider-Electric Modbuscommdtm Sl, Schneider-Electric Opc Factory Server, Schneider-Electric Pl7.