Lucene search
RgodZDI-21-187HistoryFeb 10, 2021 - 12:00 a.m.
Schneider Electric EcoStruxure Power Build SSD File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
2021-02-1000:00:00
rgod
www.zerodayinitiative.com
9
schneider electric
power build
ssd file parsing
buffer overflow
arbitrary code execution
remote attackers
user interaction
malicious page
malicious file
validation
user-supplied data
stack-based buffer
EPSS
0.008
Percentile
81.5%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SSD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Related
nvd
nvd
CVE-2021-22698
2021-01-26 18:16:18
prion
prion
Stack overflow
2021-01-26 18:16:00
cvelist
cvelist
CVE-2021-22698
2021-01-25 17:10:12
cve
cve
CVE-2021-22698
2021-01-26 18:16:18
ics
ics
Schneider Electric EcoStruxure Power Build-Rapsody (Update A)
2021-02-18 12:00:00