Added: 02/11/2013
CVE: CVE-2013-0657
BID: 57449
OSVDB: 89324
Schneider Electric Interactive Graphical SCADA System (IGSS) is a supervisory control and data acquisition (SCADA) system designed to monitor and control industrial processes. The Data Collector (**DC.exe**) component listens on port 12397/tcp.
A buffer overflow vulnerability in the **DC.exe** executable allows remote arbitrary code execution when a malicious user sends a specially crafted request to port 12397/tcp.
Schneider Electric has released software updates for IGSS v9 and IGSS v10.
<http://ics-cert.us-cert.gov/pdf/ICSA-13-018-01.pdf>
<http://www2.schneider-electric.com/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/Content/News/data/en/local/cybersecurity/general_information/2013/01/20130110_advisory_of_vulnerability_affecting_igss_scada_software.xml>
This exploit was tested against Schneider Electric Interactive Graphical SCADA System 9.0 on Microsoft Windows Server 2003 SP2 English with DEP OptOut.
Windows