Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5409

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2012-5409
Last Modified 20 May 2013 11:21:26
Published 01 Nov 2012 06:44:47
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-5409

Summary

AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and earlier does not properly handle IOCP RPC messages received over an Ethernet network, which allows remote attackers to write data to any memory location and consequently execute arbitrary code via crafted messages, as demonstrated by an arbitrary pointer dereference attack or a buffer overflow attack.

Vulnerable Systems

Application

  • Siemens Sipass Integrated Mp2.6


References

CONFIRM - http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-938777.pdf

OSVDB - 86129

SECUNIA - 50900

MISC - http://ioactive.com/pdfs/SIEMENS_Sipass_Integrated_Ethernet_Bus_Arbitrary_Pointer_Dereference_V4.pdf

MISC - http://ics-cert.us-cert.gov/advisories/ICSA-12-305-01


Last Updated: 27 May 2016 10:57:36