Details of VAR-201404-0081

ID

VAR-201404-0081

CVE

CVE-2013-0662

TITLE

Schneider Electric Heap Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: 1cbd5cbc-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02043

DESCRIPTION

Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The Modbus Serial driver used by many Schneider Electric products monitors the TCP 27700 port. Successful exploitation of vulnerabilities can execute arbitrary code in the context of an application. Multiple Schneider Electric Products are prone to a remote buffer-overflow vulnerability because it fails to properly validate user-supplied input. Failed exploit attempts will result in a denial-of-service condition. The following products are vulnerable: TwidoSuite 2.31.04 and prior PowerSuite 2.6 and prior SoMove 1.7 and prior SoMachine 2.0, 3.0, 3.1, and 3.0 XS Unity Pro 7.0 and prior UnityLoader 2.3 and prior Concept 2.6 SR7 and prior ModbusCommDTM sl 2.1.2 and prior PL7 4.5 SP5 and prior SFT2841 14, 13.1 and prior OPC Factory Server 3.50 and prior

Trust: 2.7

sources: NVD: CVE-2013-0662 // JVNDB: JVNDB-2013-006276 // CNVD: CNVD-2014-02043 // BID: 66500 // IVD: 1cbd5cbc-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-60664

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 1cbd5cbc-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02043

AFFECTED PRODUCTS

vendor:	schneider electric	model:	somachine	scope:	eq	version:	3.0	Trust: 2.8
vendor:	schneider electric	model:	modbuscommdtm sl	scope:	lte	version:	2.1.2	Trust: 1.8
vendor:	schneider electric	model:	powersuite	scope:	lte	version:	2.6	Trust: 1.8
vendor:	schneider electric	model:	somachine	scope:	eq	version:	2.0	Trust: 1.8
vendor:	schneider electric	model:	somove	scope:	lte	version:	1.7	Trust: 1.8
vendor:	schneider electric	model:	twidosuite	scope:	lte	version:	2.31.04	Trust: 1.8
vendor:	schneider electric	model:	unity pro	scope:	lte	version:	7.0	Trust: 1.8
vendor:	schneider electric	model:	sft2841	scope:	eq	version:	13.1	Trust: 1.6
vendor:	schneider electric	model:	modbus serial driver	scope:	eq	version:	2.2	Trust: 1.6
vendor:	schneider electric	model:	opc factory server	scope:	eq	version:	3.35	Trust: 1.6
vendor:	schneider electric	model:	modbus serial driver	scope:	eq	version:	1.10	Trust: 1.6
vendor:	schneider electric	model:	modbus serial driver	scope:	eq	version:	3.2	Trust: 1.6
vendor:	schneider electric	model:	opc factory server	scope:	eq	version:	3.34	Trust: 1.6
vendor:	schneider electric	model:	concept	scope:	lte	version:	2.6	Trust: 1.0
vendor:	schneider electric	model:	somachine	scope:	lte	version:	3.1	Trust: 1.0
vendor:	schneider electric	model:	opc factory server	scope:	lte	version:	3.5.0	Trust: 1.0
vendor:	schneider electric	model:	sft2841	scope:	lte	version:	14.0	Trust: 1.0
vendor:	schneider electric	model:	pl7	scope:	lte	version:	4.5	Trust: 1.0
vendor:	schneider electric	model:	unityloader	scope:	lte	version:	2.3	Trust: 1.0
vendor:	schneider electric	model:	unity pro	scope:	eq	version:	6.0	Trust: 1.0
vendor:	schneider electric	model:	concept	scope:	lte	version:	2.6 sr7	Trust: 0.8
vendor:	schneider electric	model:	modbus serial driver	scope:	eq	version:	1.10 to 3.2	Trust: 0.8
vendor:	schneider electric	model:	opc factory server	scope:	lte	version:	3.40	Trust: 0.8
vendor:	schneider electric	model:	pl7	scope:	lte	version:	4.5 sp5	Trust: 0.8
vendor:	schneider electric	model:	sft2841	scope:	lte	version:	13.1	Trust: 0.8
vendor:	schneider electric	model:	sft2841	scope:	eq	version:	14	Trust: 0.8
vendor:	schneider electric	model:	somachine	scope:	eq	version:	3.0 xs	Trust: 0.8
vendor:	schneider electric	model:	somachine	scope:	eq	version:	3.1	Trust: 0.8
vendor:	schneider electric	model:	unity loader	scope:	lte	version:	2.3	Trust: 0.8
vendor:	schneider	model:	electric opc factory server	scope:	eq	version:	3.5	Trust: 0.6
vendor:	schneider	model:	electric tlxcdsuofs33	scope:	eq	version:	3.5	Trust: 0.6
vendor:	schneider	model:	electric tlxcdstofs33	scope:	eq	version:	3.5	Trust: 0.6
vendor:	schneider	model:	electric tlxcdluofs33	scope:	eq	version:	3.5	Trust: 0.6
vendor:	schneider	model:	electric tlxcdlfofs33	scope:	eq	version:	3.5	Trust: 0.6
vendor:	schneider electric	model:	opc factory server	scope:	eq	version:	3.5.0	Trust: 0.6
vendor:	schneider electric	model:	modbuscommdtm sl	scope:	eq	version:	2.1.2	Trust: 0.6
vendor:	schneider electric	model:	sft2841	scope:	eq	version:	14.0	Trust: 0.6
vendor:	schneider electric	model:	pl7	scope:	eq	version:	4.5	Trust: 0.6
vendor:	somachine	model:	-	scope:	eq	version:	3.0	Trust: 0.4
vendor:	schneider	model:	electric unity pro	scope:	eq	version:	6.0	Trust: 0.3
vendor:	schneider	model:	electric unity pro	scope:	eq	version:	6	Trust: 0.3
vendor:	schneider	model:	electric opc factory server	scope:	eq	version:	3.34	Trust: 0.3
vendor:	schneider	model:	electric opc factory driver	scope:	eq	version:	3.34	Trust: 0.3
vendor:	concept	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	modbus serial driver	model:	-	scope:	eq	version:	1.10	Trust: 0.2
vendor:	modbus serial driver	model:	-	scope:	eq	version:	2.2	Trust: 0.2
vendor:	modbus serial driver	model:	-	scope:	eq	version:	3.2	Trust: 0.2
vendor:	modbuscommdtm sl	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	opc factory server	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	opc factory server	model:	-	scope:	eq	version:	3.34	Trust: 0.2
vendor:	opc factory server	model:	-	scope:	eq	version:	3.35	Trust: 0.2
vendor:	pl7	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	powersuite	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	sft2841	model:	-	scope:	eq	version:	13.1	Trust: 0.2
vendor:	sft2841	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	somachine	model:	-	scope:	eq	version:	2.0	Trust: 0.2
vendor:	somachine	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	somove	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	twidosuite	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	unity pro	model:	-	scope:	eq	version:	6.0	Trust: 0.2
vendor:	unity pro	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	unityloader	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 1cbd5cbc-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02043 // BID: 66500 // JVNDB: JVNDB-2013-006276 // CNNVD: CNNVD-201404-005 // NVD: CVE-2013-0662

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-0662
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-0662
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-02043
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201404-005
value:	CRITICAL
Trust: 0.6
IVD:	1cbd5cbc-2352-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-60664
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-0662
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-02043
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	1cbd5cbc-2352-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-60664
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 1cbd5cbc-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02043 // VULHUB: VHN-60664 // JVNDB: JVNDB-2013-006276 // CNNVD: CNNVD-201404-005 // NVD: CVE-2013-0662

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-60664 // JVNDB: JVNDB-2013-006276 // NVD: CVE-2013-0662

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-005

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201404-005

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006276

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-60664

PATCH

title:	SEVD 2013-070-01	url:	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01	Trust: 0.8
title:	Patch for Schneider Electric heap buffer overflow vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/44568	Trust: 0.6
title:	Schneider Electric Modbus Serial Driver Repair measures for stack-based buffer error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=160424	Trust: 0.6

sources: CNVD: CNVD-2014-02043 // JVNDB: JVNDB-2013-006276 // CNNVD: CNNVD-201404-005

EXTERNAL IDS

db:	NVD	id:	CVE-2013-0662	Trust: 3.6
db:	ICS CERT	id:	ICSA-14-086-01	Trust: 3.1
db:	BID	id:	66500	Trust: 2.6
db:	EXPLOIT-DB	id:	45219	Trust: 1.7
db:	EXPLOIT-DB	id:	45220	Trust: 1.7
db:	CNNVD	id:	CNNVD-201404-005	Trust: 0.9
db:	CNVD	id:	CNVD-2014-02043	Trust: 0.8
db:	ICS CERT	id:	ICSA-14-086-01A	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-006276	Trust: 0.8
db:	OSVDB	id:	105035	Trust: 0.6
db:	IVD	id:	1CBD5CBC-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	PACKETSTORM	id:	149000	Trust: 0.1
db:	PACKETSTORM	id:	148995	Trust: 0.1
db:	VULHUB	id:	VHN-60664	Trust: 0.1

sources: IVD: 1cbd5cbc-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02043 // VULHUB: VHN-60664 // BID: 66500 // JVNDB: JVNDB-2013-006276 // CNNVD: CNNVD-201404-005 // NVD: CVE-2013-0662

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-086-01	Trust: 3.1
url:	http://www.securityfocus.com/bid/66500	Trust: 1.7
url:	http://download.schneider-electric.com/files?p_doc_ref=sevd%202013-070-01	Trust: 1.7
url:	https://www.exploit-db.com/exploits/45219/	Trust: 1.7
url:	https://www.exploit-db.com/exploits/45220/	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0662	Trust: 0.8
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-086-01a	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0662	Trust: 0.8
url:	http://osvdb.com/show/osvdb/105035	Trust: 0.6
url:	http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true	Trust: 0.3

sources: CNVD: CNVD-2014-02043 // VULHUB: VHN-60664 // BID: 66500 // JVNDB: JVNDB-2013-006276 // CNNVD: CNNVD-201404-005 // NVD: CVE-2013-0662

CREDITS

This issue is reported by vendor.

Trust: 0.3

sources: BID: 66500

SOURCES

db:	IVD	id:	1cbd5cbc-2352-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-02043
db:	VULHUB	id:	VHN-60664
db:	BID	id:	66500
db:	JVNDB	id:	JVNDB-2013-006276
db:	CNNVD	id:	CNNVD-201404-005
db:	NVD	id:	CVE-2013-0662

LAST UPDATE DATE

2024-08-14T14:27:54.398000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-02043	date:	2014-04-01T00:00:00
db:	VULHUB	id:	VHN-60664	date:	2018-08-22T00:00:00
db:	BID	id:	66500	date:	2015-03-19T09:42:00
db:	JVNDB	id:	JVNDB-2013-006276	date:	2014-04-02T00:00:00
db:	CNNVD	id:	CNNVD-201404-005	date:	2022-02-07T00:00:00
db:	NVD	id:	CVE-2013-0662	date:	2022-02-03T13:57:57.017

SOURCES RELEASE DATE

db:	IVD	id:	1cbd5cbc-2352-11e6-abef-000c29c66e3d	date:	2014-04-01T00:00:00
db:	CNVD	id:	CNVD-2014-02043	date:	2014-04-01T00:00:00
db:	VULHUB	id:	VHN-60664	date:	2014-04-01T00:00:00
db:	BID	id:	66500	date:	2014-03-27T00:00:00
db:	JVNDB	id:	JVNDB-2013-006276	date:	2014-04-02T00:00:00
db:	CNNVD	id:	CNNVD-201404-005	date:	2014-04-02T00:00:00
db:	NVD	id:	CVE-2013-0662	date:	2014-04-01T06:17:08.240