Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-0657 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Interactive Graphical Scada System

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents5 sources

Severity

10.0CRITICALNVD

EPSS

61.4%

top 1.67%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Schneider-electric Interactive Graphical Scada System

Timeline

PublishedJan 21

Latest updateMay 14

Description

Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does not comply with a protocol.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDschneider-electric/interactive_graphical_scada_system10.0+1

Patches

Patch: igss.schneider-electric.com ↗Patch: igss.schneider-electric.com ↗Patch: www.us-cert.gov ↗

🔴Vulnerability Details

GHSA

GHSA-qw55-52cc-p8hc: Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrar↗2022-05-14

▶

CVEList

CVE-2013-0657: Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrar↗2013-01-21

▶

💥Exploits & PoCs

Exploit-DB

SEIG SCADA System 9 - Remote Code Execution↗2018-08-19

▶

Exploit-DB

7-Technologies IGSS 9 - Data Server/Collector Packet Handling (Metasploit)↗2011-05-30

▶

🔍Detection Rules

Suricata

ET SCADA SEIG SYSTEM 9 - Remote Code Execution↗2018-08-21

▶