Siemens SIMATIC RF-MANAGER KeyHelp.ocx Buffer Overflow

Medium Nessus Plugin ID 64683

Synopsis

The remote host has an ActiveX control installed that is affected by a buffer overflow vulnerability.

Description

The remote Siemens SIMATIC RF-MANAGER install has a third-party ActiveX control installed (KeyHelp.ocx) that is affected by a buffer overflow vulnerability. A remote attacker may be able to execute arbitrary code by tricking a victim into opening a specially crafted web page.

Solution

Apply the vendor's patch.

See Also

http://www.nessus.org/u?9b4c828f

http://www.nessus.org/u?e2cfe7db

Plugin Details

Severity: Medium

ID: 64683

File Name: scada_siemens_rfmanager_activex.nbin

Version: 1.108

Type: local

Family: SCADA

Published: 2013/02/19

Updated: 2019/12/10

Dependencies: 64682

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2013-0656

CVSS v2.0

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:siemens:simatic_rf-manager

Required KB Items: SCADA/Apps/Siemens/rf-manager/Installed

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/01/11

Vulnerability Publication Date: 2013/01/11

Reference Information

CVE: CVE-2013-0656

BID: 57324

ICSA: 13-014-01