SCADA: Schneider Electric Interactive Graphical System Overflow

This signature detects payloads transferred over the network that have been encoded using the x86 PexCall Encoder routine. This may indicate an attempt to evade anti-virus/IPS solutions and possibly drop malicious code.

Extended Description

The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request.

Affected Products

Cisco security_agent

Short Name
SCADA:SCHNEIDER-ELEC-OF
Severity
Minor
Recommended
False
Recommended Action
None
Category
SCADA
Keywords
CVE-2008-0339 CVE-2011-0364 CVE-2013-0657 Electric Graphical Interactive Overflow Schneider System bid:27229 bid:36815 bid:46420 bid:57449
Release Date
08/01/2019
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3709
Port
TCP/0-79,81-442,444-3127,3129-7999,8001-8079,8081-65535
False Positive
Unknown
Vendors

Cisco
