Multiple Schneider Electric Products 'ModbusDrv.exe' Local Buffer Overflow Vulnerability
BID:58999
Info
Multiple Schneider Electric Products 'ModbusDrv.exe' Local Buffer Overflow Vulnerability
| Bugtraq ID: | 58999 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 11 2013 12:00AM |
| Updated: | Mar 11 2013 12:00AM |
| Credit: | Carsten Eiram |
| Vulnerable: |
Schneider Electric Unity Pro 6.0 Schneider Electric Unity Pro 6 Schneider Electric PL7 Pro 4.5 |
| Not Vulnerable: | |
Discussion
Multiple Schneider Electric Products 'ModbusDrv.exe' Local Buffer Overflow Vulnerability
Multiple Schneider Electric products are prone to a local buffer-overflow vulnerability because they fail to properly validate user-supplied input before copying it into a fixed-length buffer.
Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.
The following products are vulnerable:
TwidoSuite versions 2.31.04 and prior
PowerSuite versions 2.6 and prior
SoMove versions 1.7 and prior
SoMachine versions 2.0, 3.0, 3.1, and 3.0 XS
Unity Pro versions 7.0 and prior
UnityLoader versions 2.3 and prior
Concept versions 2.6 SR7 and prior
ModbusCommDTM sl versions 2.1.2 and prior
PL7 versions 4.5 SP5 and prior
SFT2841 version 14 and versions 13.1 and prior
OFS versions 3.50 and prior
Multiple Schneider Electric products are prone to a local buffer-overflow vulnerability because they fail to properly validate user-supplied input before copying it into a fixed-length buffer.
Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.
The following products are vulnerable:
TwidoSuite versions 2.31.04 and prior
PowerSuite versions 2.6 and prior
SoMove versions 1.7 and prior
SoMachine versions 2.0, 3.0, 3.1, and 3.0 XS
Unity Pro versions 7.0 and prior
UnityLoader versions 2.3 and prior
Concept versions 2.6 SR7 and prior
ModbusCommDTM sl versions 2.1.2 and prior
PL7 versions 4.5 SP5 and prior
SFT2841 version 14 and versions 13.1 and prior
OFS versions 3.50 and prior
Exploit / POC
Multiple Schneider Electric Products 'ModbusDrv.exe' Local Buffer Overflow Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Multiple Schneider Electric Products 'ModbusDrv.exe' Local Buffer Overflow Vulnerability
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Multiple Schneider Electric Products 'ModbusDrv.exe' Local Buffer Overflow Vulnerability
References:
References:
- Schneider Electric Homepage (Schneider Electric)
- Important security notification �?? Schneider Electric Serial Modbus Driver Vulner (Schneider Electric)