Lucene search

MitreCVE-2012-5409

HistoryNov 01, 2012 - 10:44 a.m.

CVE-2012-5409

2012-11-0110:44:47

CWE-119

mitre

web.nvd.nist.gov

siemens

sipass

integrated

mp2.6

ascoserver.exe

vulnerability

cve-2012-5409

iocp

rpc

ethernet

remote attackers

arbitrary code

pointer dereference

buffer overflow

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

8.2

Confidence

High

EPSS

0.46

Percentile

97.5%

JSON

AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and earlier does not properly handle IOCP RPC messages received over an Ethernet network, which allows remote attackers to write data to any memory location and consequently execute arbitrary code via crafted messages, as demonstrated by an arbitrary pointer dereference attack or a buffer overflow attack.

Affected configurations

Nvd

Node

siemenssipass_integratedRange≤mp2.6

VendorProductVersionCPE
siemenssipass_integrated*cpe:2.3:a:siemens:sipass_integrated:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	sipass_integrated	*	cpe:2.3:a:siemens:sipass_integrated::::::::

References

ics-cert.us-cert.gov/advisories/ICSA-12-305-01

ioactive.com/pdfs/SIEMENS_Sipass_Integrated_Ethernet_Bus_Arbitrary_Pointer_Dereference_V4.pdf

secunia.com/advisories/50900

www.osvdb.org/86129

www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-938777.pdf

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

8.2

Confidence

High

EPSS

0.46

Percentile

97.5%

JSON

Related for CVE-2012-5409