CVE-2013-0657 – 7-Technologies IGSS 9 - Data Server/Collector Packet Handling

https://notcve.org/view.php?id=CVE-2013-0657

Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does not comply with a protocol. Desbordamiento de búfer basado en pila en Scheneider Electric Interactive Graphical SCADA System (IGSS) v10 y anteriores que permite a atacantes remotos ejecutar código arbitrario enviando datos por el puerto TCP 12397 que no cumplen con el protocolo. SEIG SCADA System version 9 suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/17352 https://www.exploit-db.com/exploits/45218 http://igss.schneider-electric.com/igss/igssupdates/v100/progupdatesv100.zip http://igss.schneider-electric.com/igss/igssupdates/v90/progupdatesv90.zip http://www.us-cert.gov/control_systems/pdf/ICSA-13-018-01.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •