CVE-2013-0662

Schneider Electric Modbus Serial Driver <3.2 - RCE

Title source: llm

Description

Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.

Exploits (2)

exploitdb WORKING POC

by Alejandro Parodi · pythonremotewindows_x86

https://www.exploit-db.com/exploits/45220

View Code ZIP pw:eip

exploitdb WORKING POC

by Alejandro Parodi · pythondoswindows_x86

https://www.exploit-db.com/exploits/45219

View Code ZIP pw:eip

References (5)

[Vendor Advisory] http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/45219/

[Mitigation, Third Party Advisory, US Government Resource] http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/66500

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/45220/

Scores

EPSS 0.5058

EPSS Percentile 97.9%

Details

CWE

CWE-787

Status published

Products (21)

schneider-electric/concept < 2.6

schneider-electric/modbuscommdtm_sl < 2.1.2

schneider-electric/modbus_serial_driver 1.10

schneider-electric/modbus_serial_driver 2.2

schneider-electric/modbus_serial_driver 3.2

schneider-electric/opc_factory_server 3.34

schneider-electric/opc_factory_server 3.35

schneider-electric/opc_factory_server < 3.5.0

schneider-electric/pl7 < 4.5

schneider-electric/powersuite < 2.6

... and 11 more

Published Apr 01, 2014

Tracked Since Feb 18, 2026