CVE-2012-2612

SAP NetWeaver 7.0 EHP1 and EHP2 - Denial of Service via Crafted SAP Diag Packet

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-2612. PoCs published by Core Security.

AI-analyzed exploit summary The provided Python script demonstrates multiple buffer overflow vulnerabilities in SAP Netweaver Dispatcher, allowing remote unauthenticated attackers to execute arbitrary code or cause denial of service by sending crafted SAP Diag packets to TCP port 32NN.

Description

The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Core Security · pythondosmultiple
https://www.exploit-db.com/exploits/20705

The provided Python script demonstrates multiple buffer overflow vulnerabilities in SAP Netweaver Dispatcher, allowing remote unauthenticated attackers to execute arbitrary code or cause denial of service by sending crafted SAP Diag packets to TCP port 32NN.

Classification
Working Poc 100%
Attack Type
Rce | Dos
Complexity
Moderate
Reliability
Reliable
Target: SAP Netweaver 7.0 EHP1/EHP2 (disp+work.exe)
No auth needed
Prerequisites: Developer Trace for 'Dialog Processing' set to level 2 or 3 · Access to SAP Dispatcher TCP ports (3200-3299)
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Core Security · textdoswindows
https://www.exploit-db.com/exploits/18853

The provided code is a functional Python script that exploits multiple vulnerabilities in SAP Netweaver Dispatcher, including buffer overflows and denial-of-service conditions via crafted SAP Diag packets. It includes specific payloads for each CVE, demonstrating remote code execution and DoS capabilities.

Classification
Working Poc 100%
Attack Type
Rce | Dos
Complexity
Moderate
Reliability
Reliable
Target: SAP Netweaver 7.0 EHP1, SAP Netweaver 7.0 EHP2
No auth needed
Prerequisites: Developer Traces for 'Dialog Processing' set to level 2 or 3 · Access to TCP port 32NN (SAP system number)
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5
Core References
Various Sources x_refsource_misc
https://service.sap.com/sap/support/notes/1687910
Various Sources x_refsource_confirm
http://scn.sap.com/docs/DOC-8218
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1027052
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75452

Scores

EPSS 0.0335
EPSS Percentile 87.1%

Details

CWE
CWE-119
Status published
Products (1)
sap/netweaver 7.0 ehp1 (2 CPE variants)
Published May 15, 2012
Tracked Since Feb 18, 2026