CVE-2012-1800

2012-04-1810:33:34

CWE-119

[email protected]

web.nvd.nist.gov

cve-2012-1800

buffer overflow

profinet dcp

siemens

scalance s

security module

firewall

denial of service

remote code execution

8.6 High

AI Score

Confidence

High

6.1 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

0.049 Low

EPSS

Percentile

92.8%

JSON

Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 allows remote attackers to cause a denial of service (device outage) or possibly execute arbitrary code via a crafted DCP frame.

Affected configurations

NVD

Node

siemensscalance_s_firmwareRange≤2.3.0

siemensscalance_s_firmwareMatch2.1.0

siemensscalance_s_firmwareMatch2.2.0

AND

siemensscalance_s602Matchv2

siemensscalance_s612Matchv2

siemensscalance_s613Matchv2

CPENameOperatorVersion
siemens:scalance_s_firmwaresiemens scalance s firmwarele2.3.0
siemens:scalance_s_firmwaresiemens scalance s firmwareeq2.1.0
siemens:scalance_s_firmwaresiemens scalance s firmwareeq2.2.0
siemens:scalance_s602siemens scalance s602eqv2
siemens:scalance_s612siemens scalance s612eqv2
siemens:scalance_s613siemens scalance s613eqv2

CPE	Name	Operator	Version
siemens:scalance_s_firmware	siemens scalance s firmware	le	2.3.0
siemens:scalance_s_firmware	siemens scalance s firmware	eq	2.1.0
siemens:scalance_s_firmware	siemens scalance s firmware	eq	2.2.0
siemens:scalance_s602	siemens scalance s602	eq	v2
siemens:scalance_s612	siemens scalance s612	eq	v2
siemens:scalance_s613	siemens scalance s613	eq	v2