CVE-2012-1800
medium
CVSS v3
—
CVSS v2
6.1
VIR risk
6.1
Description
Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 allows remote attackers to cause a denial of service (device outage) or possibly execute arbitrary code via a crafted DCP frame.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cret@cert.org — http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| siemens | scalance_s_firmware | {"endIncluding":"2.3.0"} | |
| siemens | scalance_s_firmware | 2.1.0 | |
| siemens | scalance_s_firmware | 2.2.0 | |
References
- http://osvdb.org/81034
- http://support.automation.siemens.com/WW/view/en/59869684
- http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-05.pdf
- http://osvdb.org/81034
- http://support.automation.siemens.com/WW/view/en/59869684
- http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-05.pdf
CWEs
CWE-119
Verify integrity in audit chain (admin only). AS-IS.