CVE-2013-0662

🔴 Łataj teraz

Przepełnienie bufora w ModbusDrv.exe umożliwia zdalne wykonanie kodu.

CVSS

9.3

EPSS

50.6%

Exploit

poc

Vendor

schneider-electric

Opis źródłowy (NVD)

Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.

buffer-overflow exploit Brak patcha

Źródła i daty

Źródło	Wartość
NVD – CVSS	9.3
CISA KEV (aktywnie wykorzystywane)	Nie
FIRST EPSS (prawdopodobieństwo exploita)	50.6%
Opublikowano (NVD)	2014-04-01 06:17:08 UTC
Ostatnia modyfikacja (NVD)	2026-05-06 22:30:45 UTC

Referencje

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01 (ics-cert@hq.dhs.gov) [Vendor Advisory]
http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01 (ics-cert@hq.dhs.gov) [Mitigation, Third Party Advisory, US Government Resource]
http://www.securityfocus.com/bid/66500 (ics-cert@hq.dhs.gov) [Third Party Advisory, VDB Entry]
https://www.exploit-db.com/exploits/45219/ (ics-cert@hq.dhs.gov) [Exploit, Third Party Advisory, VDB Entry]
https://www.exploit-db.com/exploits/45220/ (ics-cert@hq.dhs.gov) [Exploit, Third Party Advisory, VDB Entry]