CVE-2012-2513

SAP NetWeaver 7.0 EHP1 and EHP2 - Denial of Service via Crafted SAP Diag Packet

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-2513.

AI-analyzed exploit summary The provided code is a functional Python script that exploits multiple vulnerabilities in SAP Netweaver Dispatcher, including buffer overflows and denial-of-service conditions via crafted SAP Diag packets. It includes specific payloads for each CVE, demonstrating remote code execution and DoS capabilities.

Description

The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.

Exploits (2)

exploitdb WORKING POC
doswindows
https://www.exploit-db.com/exploits/18853

The provided code is a functional Python script that exploits multiple vulnerabilities in SAP Netweaver Dispatcher, including buffer overflows and denial-of-service conditions via crafted SAP Diag packets. It includes specific payloads for each CVE, demonstrating remote code execution and DoS capabilities.

Classification
Working Poc 100%
Attack Type
Rce | Dos
Complexity
Moderate
Reliability
Reliable
Target: SAP Netweaver 7.0 EHP1/EHP2 (disp+work.exe)
No auth needed
Prerequisites: Network access to TCP port 32NN (SAP system number) · Developer Trace level 2 or 3 for certain CVEs
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
pythondosmultiple
https://www.exploit-db.com/exploits/20705

The provided Python script demonstrates multiple vulnerabilities in SAP Netweaver Dispatcher, including buffer overflows and denial-of-service conditions. It includes functional exploit code for CVE-2012-2513 and other related CVEs, targeting specific functions like Diaginput.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: SAP Netweaver 7.0 EHP1/EHP2 (disp+work.exe)
No auth needed
Prerequisites: Network access to TCP port 32NN (SAP system number) · Developer Trace configured at level 2 or 3 for Dialog Processing
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75455
Various Sources x_refsource_misc
https://service.sap.com/sap/support/notes/1687910
Various Sources x_refsource_confirm
http://scn.sap.com/docs/DOC-8218
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1027052

Scores

EPSS 0.0335
EPSS Percentile 87.1%

Details

CWE
CWE-119
Status published
Products (1)
sap/netweaver 7.0 ehp1 (2 CPE variants)
Published May 15, 2012
Tracked Since Feb 18, 2026