VAR-201304-0565
Vulnerability from variot - Updated: 2022-05-17 01:37

The Schneider Electric Group provides products and services in the areas of energy and infrastructure, industry, data centers and networks, buildings and homes.
Multiple Schneider Electric products are affected. The Modbus series driver has a buffer overflow vulnerability that is triggered when parsing a project in "Programming" mode. Successful exploitation allows arbitrary code execution. Exploiting this vulnerability requires enticing a user to open a malicious project file. Multiple Schneider Electric products are prone to a local buffer-overflow vulnerability because they fail to properly validate user-supplied input before copying it into a fixed-length buffer. Failed exploit attempts will result in a denial-of-service condition.
The following products are vulnerable:
- TwidoSuite versions 2.31.04 and prior
- PowerSuite versions 2.6 and prior
- SoMove versions 1.7 and prior
- SoMachine versions 2.0, 3.0, 3.1, and 3.0 XS
- Unity Pro versions 7.0 and prior
- UnityLoader versions 2.3 and prior
- Concept versions 2.6 SR7 and prior
- ModbusCommDTM sl versions 2.1.2 and prior
- PL7 versions 4.5 SP5 and prior
- SFT2841 version 14 and versions 13.1 and prior
- OFS versions 3.50 and prior
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201304-0565",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric concept",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modbuscommdtm sl",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "2.x"
},
{
"model": "electric powersuite",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "2.x"
},
{
"model": "electric unityloader",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "2.x"
},
{
"model": "electric twidosuite",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "2.x"
},
{
"model": "electric unity pro",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider",
"version": "6.0"
},
{
"model": "electric unity pro",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider",
"version": "6"
},
{
"model": "electric pl7 pro",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider",
"version": "4.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-03162"
},
{
"db": "BID",
"id": "58999"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Carsten Eiram",
"sources": [
{
"db": "BID",
"id": "58999"
}
],
"trust": 0.3
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CNVD-2013-03162",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2013-03162",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-03162"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Schneider Electric Group provides products and services in the areas of energy and infrastructure, industry, data centers and networks, buildings and homes. \n\nMultiple Schneider Electric multiple products. The Modbus series driver has a buffer overflow vulnerability when parsing a project in \"Programming\" mode, which can be exploited to cause a buffer overflow. Successful exploitation allows arbitrary code execution. Exploiting this vulnerability requires enticing users to open malicious project files. Multiple Schneider Electric products are prone to a local buffer-overflow vulnerability because they fail to properly validate user-supplied input before copying it into a fixed-length buffer. Failed exploit attempts will result in a denial-of-service condition. \nThe following products are vulnerable:\nTwidoSuite versions 2.31.04 and prior\nPowerSuite versions 2.6 and prior\nSoMove versions 1.7 and prior\nSoMachine versions 2.0, 3.0, 3.1, and 3.0 XS\nUnity Pro versions 7.0 and prior\nUnityLoader versions 2.3 and prior\nConcept versions 2.6 SR7 and prior\nModbusCommDTM sl versions 2.1.2 and prior\nPL7 versions 4.5 SP5 and prior\nSFT2841 version 14 and versions 13.1 and prior\nOFS versions 3.50 and prior",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-03162"
},
{
"db": "BID",
"id": "58999"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SCHNEIDER",
"id": "SEVD-2013-070-01",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "52821",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2013-03162",
"trust": 0.6
},
{
"db": "BID",
"id": "58999",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-03162"
},
{
"db": "BID",
"id": "58999"
}
]
},
"id": "VAR-201304-0565",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-03162"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-03162"
}
]
},
"last_update_date": "2022-05-17T01:37:06.747000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.9,
"url": "http://download.schneider-electric.com/files?p_file_id=47991052\u0026p_file_name=sevd-2013-070-01.pdf"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/52821/"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-03162"
},
{
"db": "BID",
"id": "58999"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-03162"
},
{
"db": "BID",
"id": "58999"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-03162"
},
{
"date": "2013-03-11T00:00:00",
"db": "BID",
"id": "58999"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-03162"
},
{
"date": "2013-03-11T00:00:00",
"db": "BID",
"id": "58999"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "58999"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Modbus Family Driver Buffer Overflow Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-03162"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "58999"
}
],
"trust": 0.3
}
}