Vulnerability Details: CVE-2012-1800
Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 allows remote attackers to cause a denial of service (device outage) or possibly execute arbitrary code via a crafted DCP frame.
Vulnerability category: Overflow, Execute code, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2012-1800
Probability of exploitation activity in the next 30 days: 4.89%
Percentile, the proportion of vulnerabilities that are scored at or less: ~92%
CVSS scores for CVE-2012-1800
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.1 | MEDIUM | AV:A/AC:L/Au:N/C:N/I:N/A:C | 6.5 | 6.9 | NIST |
CWE ids for CVE-2012-1800
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-1800
- http://support.automation.siemens.com/WW/view/en/59869684
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-05.pdf (US Government Resource)
- http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf (Vendor Advisory)
Products affected by CVE-2012-1800
- cpe:2.3:a:siemens:scalance_s_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:scalance_s_firmware:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:scalance_s_firmware:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_s602:v2:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_s613:v2:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:scalance_s612:v2:*:*:*:*:*:*:*