CVE-2012-5409

Published Nov 1, 2012

Last updated 11 years ago

Overview

Description: AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and earlier does not properly handle IOCP RPC messages received over an Ethernet network, which allows remote attackers to write data to any memory location and consequently execute arbitrary code via crafted messages, as demonstrated by an arbitrary pointer dereference attack or a buffer overflow attack.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:sipass_integrated:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E7419E9-9BC2-46D7-8287-EFF38E17D9BF",
            "versionEndIncluding": "mp2.6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References