SAINT Corporation
SAINT:8C3F6FF0B19656C4E22DA0D1FFAF66EB
Feb 11, 2013 - 12:00 a.m.

Schneider Electric Interactive Graphical SCADA System Data Collector Overflow

2013-02-11 00:00:00
SAINT Corporation
my.saintcorporation.com

CVSS2: 10 High

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.701 High
Percentile: 98.0%

Added: 02/11/2013
CVE: CVE-2013-0657
BID: 57449
OSVDB: 89324

Background

Schneider Electric Interactive Graphical SCADA System (IGSS) is a supervisory control and data acquisition (SCADA) system designed to monitor and control industrial processes. The Data Collector (**DC.exe**) component listens on port 12397/tcp.

Problem

A buffer overflow vulnerability in the **DC.exe** executable allows remote arbitrary code execution when a malicious user sends a specially crafted request to port 12397/tcp.

Resolution

Schneider Electric has released software updates for IGSS v9 and IGSS v10.

References

<http://ics-cert.us-cert.gov/pdf/ICSA-13-018-01.pdf>
<http://www2.schneider-electric.com/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/Content/News/data/en/local/cybersecurity/general_information/2013/01/20130110_advisory_of_vulnerability_affecting_igss_scada_software.xml>

Limitations

This exploit was tested against Schneider Electric Interactive Graphical SCADA System 9.0 on Microsoft Windows Server 2003 SP2 English with DEP OptOut.

Platforms

Windows
