Schneider Electric Accutech Manager RFManagerService Heap Overflow

Severity: Critical, Nessus Plugin ID: 65603

Synopsis

The remote host is affected by a heap overflow vulnerability.

Description

The remote host has a version of Schneider Electric Accutech Manager installed that is affected by a heap overflow vulnerability. By sending a specially crafted GET request to the RFManagerService listening on port 2537, an attacker could cause the service to crash or execute arbitrary code.

Solution

Upgrade to Schneider Electric Accutech Manager 2.00.2 or later.

See Also

http://www.nessus.org/u?ce958287

Plugin Details

Severity: Critical

ID: 65603

File Name: scada_schneider_electric_accutech_manager_2_0_2.nbin

Version: 1.52

Type: local

Family: SCADA

Published: 3/18/2013

Updated: 7/19/2022

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:schneider-electric:accutech_manager

Required KB Items: SCADA/Apps/Accutech/Manager/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/11/2013

Vulnerability Publication Date: 1/21/2013

Exploitable With

Core Impact

Reference Information

CVE: CVE-2013-0658

BID: 57651

EDB-ID: 24474

ICSA: 13-043-01