CVE-2013-0658
Published 2013-02-15
Priority: P269 · critical · 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 21.53% (97.3th percentile)
Heap-based buffer overflow in RFManagerService.exe in Schneider Electric Accutech Manager 2.00.1 and earlier allows remote attackers to execute arbitrary code via a crafted HTTP request.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | accutech_manager | <= 2.00.1 | — |
Detection & IOCs (extracted from sources)
Bytes: \x41 * 400 (400-byte 'A' buffer in HTTP GET path)
- Monitor for oversized HTTP GET requests (≥400 bytes in the URL path) sent to TCP port 2537 targeting RFManagerService.exe; the PoC triggers the overflow by placing a 400-byte buffer in the GET path.
- The vulnerable function sub_40E006 copies the HTTP GET path data into a statically-sized heap buffer; the crash manifests as an access violation with EIP/ECX pointing to attacker-controlled 0x41414141 values.
- Alert on any inbound TCP connections to port 2537 from untrusted/external networks; CISA explicitly recommends ensuring this port is not accessible from the Internet.
- Crash signature to look for in process monitoring: RFManagerService.exe access violation with register values eax=41414141 and ecx=41414141, indicating heap corruption from the overflow.
- RFManagerService.exe binds to both TCP 2536 and TCP 2537 by default; only port 2537 is the documented attack vector for this CVE, but both ports should be firewalled from untrusted networks.
- Affected versions are Accutech Manager 2.00.1 and older; the PoC was written against version 1.89.2, confirming multiple older releases are vulnerable.
GHSA
GHSA-44jc-mmwc-23qh: Heap-based buffer overflow in RFManagerService
ghsa_unreviewed · 2022-05-17
CVE-2013-0658 [HIGH] CWE-119 GHSA-44jc-mmwc-23qh: Heap-based buffer overflow in RFManagerService
Heap-based buffer overflow in RFManagerService.exe in Schneider Electric Accutech Manager 2.00.1 and earlier allows remote attackers to execute arbitrary code via a crafted HTTP request.
CISA ICS
Schneider Electric Accutech Manager Heap Overflow
cisa_ics · 2013-05-07
ICS Advisory
Last Revised: May 07, 2013
Alert Code: ICSA-13-043-01
## Overview
This advisory provides mitigation details for a vulnerability that impacts the Schneider Electric Accutech Manager.
Independent researcher Aaron Portnoy of Exodus Intelligence has identified a heap-based buffer overflow vulnerability in Schneider Electric’s Accutech Manager application. Schneider Electric has produced an update that mitigates this vulnerability. This researcher has tested the update and verified that it fixes the vulnerability. Exploitation of this vu