Stack-based Buffer Overflow

CVE-2017-12732

Medium

6.8/10

Summary

A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution.

Attack Complexity: HIGH
Attack Vector: ADJACENT_NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-121 - Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

References

Advisory Timeline

Published Oct 05, 2017

Stack-based Buffer Overflow

CVE-2017-12732

Summary

CWE-121 - Stack-based Buffer Overflow

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS