NVD

Id
46577  
Name
CVE-2012-5409  
Description
AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and earlier does not properly handle IOCP RPC messages received over an Ethernet network, which allows remote attackers to write data to any memory location and consequently execute arbitrary code via crafted messages, as demonstrated by an arbitrary pointer dereference attack or a buffer overflow attack.  
Reject
 
CVSS Version
2  
CVSS Score
10  
Severity
High  
CVSS Base Score
10  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-19  
Published
2012-11-01  
Modified Date
2013-05-20  
Seq
2012-5409  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
233298 46577 CVE-2012-5409 http://ics-cert.us-cert.gov/advisories/ICSA-12-305-01  View
233299 46577 CVE-2012-5409 http://ioactive.com/pdfs/SIEMENS_Sipass_Integrated_Ethernet_Bus_Arbitrary_Pointer_Dereference_V4.pdf  View
233300 46577 CVE-2012-5409 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-938777.pdf  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
29485 JVNDB-2012-005192 Siemens SiPass integrated のサーバにおける任意のコードを実行される脆弱性 Siemens SiPass integrated のサーバ内の AscoServer.exe は、イーサネットネットワーク経由で受信した IOCP RPC メッセージを適切に処理しないため、メモリロケーションにデータを書き込まれることで、任意のコードを実行される脆弱性が存在します。 CVE-2012-5409 58647 CVE-2012-5409 46577 10 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005192.html 2012-10-08 2012-11-02 View