VIR Vulnerability Intelligence Relay

CVE-2013-0662

critical
Published 2014-04-01 · Modified 2026-05-06
CVSS v3
CVSS v2
9.3
VIR risk
9.3

Description

Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: ics-cert@hq.dhs.gov — http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01

vendor Authored 2026-05-27

Vendor advisory: ics-cert@hq.dhs.gov — http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01

Application impact
VendorProductVersionsFixed
schneider-electricconcept{"endIncluding":"2.6"}
schneider-electricmodbus_serial_driver1.10
schneider-electricmodbus_serial_driver2.2
schneider-electricmodbus_serial_driver3.2
schneider-electricmodbuscommdtm_sl{"endIncluding":"2.1.2"}
schneider-electricopc_factory_server{"endIncluding":"3.5.0"}
schneider-electricopc_factory_server3.34
schneider-electricopc_factory_server3.35
schneider-electricpl7{"endIncluding":"4.5"}
schneider-electricpowersuite{"endIncluding":"2.6"}
schneider-electricsft2841{"endIncluding":"14.0"}
schneider-electricsft284113.1
schneider-electricsomachine{"endIncluding":"3.1"}
schneider-electricsomachine2.0
schneider-electricsomachine3.0
schneider-electricsomove{"endIncluding":"1.7"}
schneider-electrictwidosuite{"endIncluding":"2.31.04"}
schneider-electricunity_pro{"endIncluding":"7.0"}
schneider-electricunity_pro6.0
schneider-electricunityloader{"endIncluding":"2.3"}
schneider_electricsomachine3.0

References

CWEs

CWE-787

Verify integrity in audit chain (admin only). AS-IS.