CVE-2013-0662

Published Apr 1, 2014

Last updated 3 years ago

Overview

Description: Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.
Source: ics-cert@hq.dhs.gov
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-787

Hype score: Not currently trending

Evaluator

Comment: -
Impact: Per: http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01 "The following Schneider Electric products bundle the Schneider Electric Modbus Serial Driver (ModbusDrv.exe), which is started when attempting to connect to a Programmable Logic Controller (PLC) via the serial port of a personal computer: TwidoSuite Versions 2.31.04 and earlier, PowerSuite Versions 2.6 and earlier, SoMove Versions 1.7 and earlier, SoMachine Versions 2.0, 3.0, 3.1, and 3.0 XS, Unity Pro Versions 7.0 and earlier, UnityLoader Versions 2.3 and earlier, Concept Versions 2.6 SR7 and earlier, ModbusCommDTM sl Versions 2.1.2 and earlier, PL7 Versions 4.5 SP5 and earlier, SFT2841 Versions 14, 13.1 and earlier, and OPC Factory Server Versions 3.50 and earlier. Modbus Serial Driver versions that are affected: Windows XP 32 bit V1.10 IE v37, Windows Vista 32 bit V2.2 IE12, Windows 7 32 bit V2.2 IE12, and Windows 7 64 bit V3.2 IE12."
Solution: Per: http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01 "The following Schneider Electric products bundle the Schneider Electric Modbus Serial Driver (ModbusDrv.exe), which is started when attempting to connect to a Programmable Logic Controller (PLC) via the serial port of a personal computer: TwidoSuite Versions 2.31.04 and earlier, PowerSuite Versions 2.6 and earlier, SoMove Versions 1.7 and earlier, SoMachine Versions 2.0, 3.0, 3.1, and 3.0 XS, Unity Pro Versions 7.0 and earlier, UnityLoader Versions 2.3 and earlier, Concept Versions 2.6 SR7 and earlier, ModbusCommDTM sl Versions 2.1.2 and earlier, PL7 Versions 4.5 SP5 and earlier, SFT2841 Versions 14, 13.1 and earlier, and OPC Factory Server Versions 3.50 and earlier. Modbus Serial Driver versions that are affected: Windows XP 32 bit V1.10 IE v37, Windows Vista 32 bit V2.2 IE12, Windows 7 32 bit V2.2 IE12, and Windows 7 64 bit V3.2 IE12."

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:schneider-electric:concept:*:sr7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C59B889A-707B-4AEC-9D7B-84F5F67AF022",
            "versionEndIncluding": "2.6"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:modbus_serial_driver:1.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "002ABE6D-4491-46F4-A412-A3B4CBDBF049"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:modbus_serial_driver:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D807408B-78B5-4E9A-9CCB-D35BFFC968E7"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:modbus_serial_driver:3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C437D283-D2BA-4C57-8A85-70BC94F3E852"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:modbuscommdtm_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB3CD5BD-EDA3-4ABE-87CE-9A1ED11880FE",
            "versionEndIncluding": "2.1.2"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:opc_factory_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7D490C3-FA4F-4434-927A-84DA392D13AF",
            "versionEndIncluding": "3.5.0"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:opc_factory_server:3.34:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B637B76-2F68-4080-A1EB-5BA45CC2662F"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:opc_factory_server:3.35:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8874360-6B9A-40C3-A95F-8FD18F73244D"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:pl7:*:sp7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "494E62B9-52A2-4344-B46A-D633536D8A52",
            "versionEndIncluding": "4.5"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:powersuite:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "472AB761-8CDD-421D-A931-8F43E5DBA1A7",
            "versionEndIncluding": "2.6"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:sft2841:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70B3EAE9-8C2D-4384-A6DD-AC3A86A54047",
            "versionEndIncluding": "14.0"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:sft2841:13.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "291A4B76-9847-4B25-8DB2-4482E8D2B01E"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:somachine:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58423C92-AFAA-4BB0-BC7C-019B47F4E881",
            "versionEndIncluding": "3.1"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:somachine:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DD168A8-F73B-4055-AC6F-A8EAC48C20D6"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:somachine:3.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44612FE6-AF0F-4BEE-A0E7-232BE102DAC1"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:somove:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4D0F940-028F-4F4B-89DD-88EB239F2BEE",
            "versionEndIncluding": "1.7"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:twidosuite:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DA4DF22-8DAD-4A34-B326-AEAEDFF2BEB8",
            "versionEndIncluding": "2.31.04"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:unity_pro:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D0D3207-EE90-4EBF-B3D3-6255DC2B23A4",
            "versionEndIncluding": "7.0"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:unity_pro:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B606E20-4362-455E-84EA-8395880EBCDA"
          },
          {
            "criteria": "cpe:2.3:a:schneider-electric:unityloader:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F9B1196-A188-4985-94E4-ADEA3557AB2C",
            "versionEndIncluding": "2.3"
          },
          {
            "criteria": "cpe:2.3:a:schneider_electric:somachine:3.0:*:*:*:xs:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B2730EE-D37A-4745-9F07-A9CC378F0573"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References