Lucene search

[email protected]NVD:CVE-2012-5409

HistoryNov 01, 2012 - 10:44 a.m.

CVE-2012-5409

2012-11-0110:44:47

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.46

Percentile

97.5%

JSON

AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and earlier does not properly handle IOCP RPC messages received over an Ethernet network, which allows remote attackers to write data to any memory location and consequently execute arbitrary code via crafted messages, as demonstrated by an arbitrary pointer dereference attack or a buffer overflow attack.

Affected configurations

Nvd

Node

siemenssipass_integratedRange≤mp2.6

VendorProductVersionCPE
siemenssipass_integrated*cpe:2.3:a:siemens:sipass_integrated:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	sipass_integrated	*	cpe:2.3:a:siemens:sipass_integrated::::::::

References

ics-cert.us-cert.gov/advisories/ICSA-12-305-01

ioactive.com/pdfs/SIEMENS_Sipass_Integrated_Ethernet_Bus_Arbitrary_Pointer_Dereference_V4.pdf

secunia.com/advisories/50900

www.osvdb.org/86129

www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-938777.pdf

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.46

Percentile

97.5%

JSON

Related for NVD:CVE-2012-5409

exploitdb1 cve1 cvelist1 ics1 prion1