CVE-2013-0657

7-Technologies IGSS 9 - Data Server/Collector Packet Handling

Severity Score

10.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does not comply with a protocol.

Desbordamiento de búfer basado en pila en Scheneider Electric Interactive Graphical SCADA System (IGSS) v10 y anteriores que permite a atacantes remotos ejecutar código arbitrario enviando datos por el puerto TCP 12397 que no cumplen con el protocolo.

SEIG SCADA System version 9 suffers from a remote code execution vulnerability.

*Credits: N/A

CVSS Scores

NISTv2 10.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-05-30 First Exploit
2012-12-19 CVE Reserved
2013-01-21 CVE Published
2024-04-16 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (5)

URL	Tag	Source

URL	Date	SRC
https://www.exploit-db.com/exploits/17352	2011-05-30
https://www.exploit-db.com/exploits/45218	2024-08-06

URL	Date	SRC
http://igss.schneider-electric.com/igss/igssupdates/v100/progupdatesv100.zip	2018-08-21
http://igss.schneider-electric.com/igss/igssupdates/v90/progupdatesv90.zip	2018-08-21
http://www.us-cert.gov/control_systems/pdf/ICSA-13-018-01.pdf	2018-08-21

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Schneider-electric Search vendor "Schneider-electric"		Interactive Graphical Scada System Search vendor "Schneider-electric" for product "Interactive Graphical Scada System"				<= 10.0 Search vendor "Schneider-electric" for product "Interactive Graphical Scada System" and version " <= 10.0"		-		Affected
Schneider-electric Search vendor "Schneider-electric"		Interactive Graphical Scada System Search vendor "Schneider-electric" for product "Interactive Graphical Scada System"				9.0 Search vendor "Schneider-electric" for product "Interactive Graphical Scada System" and version "9.0"		-		Affected