Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.
AV:N/AC:M/Au:N/C:C/I:C/A:CSchneider Electric Somachine
APPSchneider Electric3.0Schneider Electric Concept
APPSchneider-Electric≤ 2.6Schneider Electric Modbuscommdtm Sl
APPSchneider-Electric≤ 2.1.2Schneider Electric Modbus Serial Driver
APPSchneider-Electric1.102.23.2Schneider Electric Opc Factory Server
APPSchneider-Electric3.343.35≤ 3.5.0Schneider Electric Pl7
APPSchneider-Electric≤ 4.5Schneider Electric Powersuite
APPSchneider-Electric≤ 2.6Schneider Electric Sft2841
APPSchneider-Electric13.1≤ 14.0Schneider Electric Somachine
APPSchneider-Electric2.03.0≤ 3.1Schneider Electric Somove
APPSchneider-Electric≤ 1.7Schneider Electric Twidosuite
APPSchneider-Electric≤ 2.31.04Schneider Electric Unityloader
APPSchneider-Electric≤ 2.3Schneider Electric Unity Pro
APPSchneider-Electric6.0≤ 7.0
Related vulnerabilities
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker ...
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), ...
Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a ha...
A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and U...
Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security no...