CVE-2013-0657

Schneider Electric IGSS <10 - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does not comply with a protocol.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/17352

View Code ZIP pw:eip

exploitdb WORKING POC

by Alejandro Parodi · pythonremotewindows_x86

https://www.exploit-db.com/exploits/45218

View Code ZIP pw:eip

References (4)

[Patch, US Government Resource] http://www.us-cert.gov/control_systems/pdf/ICSA-13-018-01.pdf

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/45218/

[Patch] http://igss.schneider-electric.com/igss/igssupdates/v100/progupdatesv100.zip

[Patch] http://igss.schneider-electric.com/igss/igssupdates/v90/progupdatesv90.zip

Scores

EPSS 0.6144

EPSS Percentile 98.3%

Details

CWE

CWE-119

Status published

Products (2)

schneider-electric/interactive_graphical_scada_system 9.0

schneider-electric/interactive_graphical_scada_system < 10.0

Published Jan 21, 2013

Tracked Since Feb 18, 2026