1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: Schneider Electric Modbus Driver CVE-2013-0662

Attack: Schneider Electric Modbus Driver CVE-2013-0662

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts of leveraging a stack based buffer-overflow vulnerability in Multiple Schneider Electric Products which could lead to arbitrary code execution.

Additional Information

Schneider Electric products provide solutions to energy management.

Multiple Schneider Electric Products are prone to a stack based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data. Specifically, the issue affects the Serial Modbus Driver 'ModbusDrv.exe'.

Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

Affected

  • The following products are vulnerable:
  • TwidoSuite 2.31.04 and prior
  • PowerSuite 2.6 and prior
  • SoMove 1.7 and prior
  • SoMachine 2.0, 3.0, 3.1, and 3.0 XS
  • Unity Pro 7.0 and prior
  • UnityLoader 2.3 and prior
  • Concept 2.6 SR7 and prior
  • ModbusCommDTM sl 2.1.2 and prior
  • PL7 4.5 SP5 and prior
  • SFT2841 14, 13.1 and prior
  • OPC Factory Server 3.50 and prior
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube