CVE-2013-0662

Schneider Electric Modbus Serial Driver <3.2 - RCE

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-0662. PoCs published by Alejandro Parodi.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in SEIG Modbus v3.4, allowing remote code execution via a crafted payload. It uses a NOP sled and shellcode to spawn a calculator as a proof-of-concept.

Description

Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.

Exploits (2)

exploitdb WORKING POC

by Alejandro Parodi · pythonremotewindows_x86

https://www.exploit-db.com/exploits/45220

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in SEIG Modbus v3.4, allowing remote code execution via a crafted payload. It uses a NOP sled and shellcode to spawn a calculator as a proof-of-concept.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: SEIG Modbus v3.4

No auth needed

Prerequisites: Network access to the target system · Modbus service running on port 27700

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

by Alejandro Parodi · pythondoswindows_x86

https://www.exploit-db.com/exploits/45219

View Code ZIP pw:eip

This PoC exploits a denial-of-service vulnerability in SEIG Modbus v3.4 by sending a malformed packet with an oversized buffer. The exploit triggers a crash in the target software by manipulating header fields and sending an excessively long message.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: SEIG Modbus v3.4

No auth needed

Prerequisites: Network access to the target system · Target software running on port 27700

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Vendor Advisory x_refsource_confirm

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/45219/

Mitigation, Third Party Advisory, US Government Resource x_refsource_misc

http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/66500

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/45220/

Scores

EPSS 0.2212

EPSS Percentile 97.4%

Details

CWE

CWE-787

Status published

Products (21)

schneider-electric/concept < 2.6

schneider-electric/modbus_serial_driver 1.10

schneider-electric/modbus_serial_driver 2.2

schneider-electric/modbus_serial_driver 3.2

schneider-electric/modbuscommdtm_sl < 2.1.2

schneider-electric/opc_factory_server 3.34

schneider-electric/opc_factory_server 3.35

schneider-electric/opc_factory_server < 3.5.0

schneider-electric/pl7 < 4.5

schneider-electric/powersuite < 2.6

... and 11 more

Published Apr 01, 2014

Tracked Since Feb 18, 2026