SCADA: Schneider Electric Interactive Graphical System Buffer Overflow

This signature detects payloads transferred over the network that have been encoded using the x86 PexCall Encoder routine. This may indicate that someone is trying to evade anti-virus/IPS solutions and possibly drop malicious code.

Extended Description

Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does not comply with a protocol.

Affected Products

Schneider-electric interactive_graphical_scada_system

References

CVE: CVE-2013-0657

Short Name: SCADA:SCHNEIDER-ELEC-BOF
Severity: Minor
Recommended: False
Recommended Action: None
Category: SCADA
Keywords: Buffer CVE-2013-0657 Electric Graphical Interactive Overflow Schneider System
Release Date: 07/25/2019
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3336
Port: TCP/0-79,81-442,444-3127,3129-7999,8001-8079,8081-65535
False Positive: Unknown
Vendors

Schneider-electric

CVSS Score

10.0
