Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-0662

CWE-787 — Out-of-bounds Write6 documents5 sources

Severity

9.3CRITICAL

EPSS

50.6%

top 2.15%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Schneider-electric Concept Schneider-electric Modbuscommdtm SL Schneider-electric OPC Factory Server +10 more

Timeline

PublishedApr 1

Latest updateMay 13

Description

Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages13 packages

▶NVDschneider-electric/modbus_serial_driver1.10, 2.2, 3.2+2

▶NVDschneider-electric/modbuscommdtm_sl2.1.2

▶NVDschneider-electric/pl74.5

▶NVDschneider-electric/somove1.7

▶NVDschneider-electric/concept2.6

🔴Vulnerability Details

GHSA

GHSA-8gr4-665r-f443: Multiple stack-based buffer overflows in ModbusDrv↗2022-05-13

▶

CVEList

CVE-2013-0662: Multiple stack-based buffer overflows in ModbusDrv↗2014-03-28

▶

💥Exploits & PoCs

Exploit-DB

SEIG Modbus 3.4 - Denial of Service (PoC)↗2018-08-20

▶

Exploit-DB

SEIG Modbus 3.4 - Remote Code Execution↗2018-08-20

▶

🔍Detection Rules

Suricata

ET SCADA SEIG Modbus 3.4 - Remote Code Execution↗2018-08-21

▶