CVE-2012-2514

SAP NetWeaver 7.0 EHP1 and EHP2 - Denial of Service via Crafted SAP Diag Packet

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-2514.

AI-analyzed exploit summary: The provided code is a functional Python exploit for multiple SAP NetWeaver Dispatcher vulnerabilities, including buffer overflows and DoS conditions. It demonstrates how to craft malicious SAP Diag packets to trigger vulnerabilities in functions like DiagTraceR3Info and DiagTraceHex.

Description

The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.

Exploits (2)

exploitdb WORKING POC
dos · windows
https://www.exploit-db.com/exploits/18853

The provided code is a functional Python exploit for multiple SAP NetWeaver Dispatcher vulnerabilities, including buffer overflows and DoS conditions. It demonstrates how to craft malicious SAP Diag packets to trigger vulnerabilities in functions like DiagTraceR3Info and DiagTraceHex.

Classification
Working PoC 100%
Attack Type: RCE | DoS
Complexity: Moderate
Reliability: Reliable
Target: SAP NetWeaver 7.0 EHP1/EHP2 (disp+work.exe)
No auth needed
Prerequisites: Network access to SAP Dispatcher TCP ports (32NN) · Developer Traces for 'Dialog Processing' set to level 2 or 3 for certain CVEs
devstral-2 · analyzed Feb 19, 2026

exploitdb WORKING POC
python · dos · multiple
https://www.exploit-db.com/exploits/20705

The provided Python script demonstrates multiple buffer overflow vulnerabilities in SAP NetWeaver Dispatcher, allowing remote code execution and denial of service attacks via crafted SAP Diag packets. It includes functional exploit code for several CVEs, including CVE-2012-2514.

Classification
Working PoC 100%
Attack Type: RCE | DoS
Complexity: Moderate
Reliability: Reliable
Target: SAP NetWeaver 7.0 EHP1/EHP2 (disp+work.exe)
No auth needed
Prerequisites: Network access to SAP Dispatcher TCP ports (32NN) · Developer Traces for 'Dialog Processing' set to level 2 or 3 for certain CVEs
devstral-2 · analyzed Feb 19, 2026

References (5)

Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/75456
Various Sources (x_refsource_misc): https://service.sap.com/sap/support/notes/1687910
Various Sources (x_refsource_confirm): http://scn.sap.com/docs/DOC-8218
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id?1027052

Scores

EPSS: 0.0335
EPSS Percentile: 87.1%

Details

CWE: CWE-119
Status: published
Products (1): sap/netweaver 7.0 ehp1 (2 CPE variants)
Published: May 15, 2012
Tracked Since: Feb 18, 2026