Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-5409

CWE-119Buffer Overflow4 documents4 sources
Severity
10.0CRITICAL
EPSS
35.4%
top 2.95%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Siemens Sipass Integrated
Timeline
PublishedNov 1
Latest updateMay 17

Description

AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and earlier does not properly handle IOCP RPC messages received over an Ethernet network, which allows remote attackers to write data to any memory location and consequently execute arbitrary code via crafted messages, as demonstrated by an arbitrary pointer dereference attack or a buffer overflow attack.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-q4x4-498h-293w: AscoServer2022-05-17
CVEList
CVE-2012-5409: AscoServer2012-11-01

💥Exploits & PoCs

1
Exploit-DB
SIEMENS Sipass Integrated 2.6 Ethernet Bus - Arbitrary Pointer Dereference2012-11-01
CVE-2012-5409 (CRITICAL CVSS 10) | AscoServer.exe in the server in Sie | cvebase.io