module
Siemens FactoryLink 8 CSService Logging Path Param Buffer Overflow
| Disclosed | Created |
|---|---|
| 2011-03-25 | 2018-05-30 |
Disclosed
2011-03-25
Created
2018-05-30
Description
This module exploits a vulnerability found on Siemens FactoryLink 8. The
vulnerability occurs when CSService.exe processes a CSMSG_ListFiles_REQ message,
the user-supplied path first gets converted to ANSI format (CodePage 0), and then
gets handled by a logging routine where proper bounds checking is not done,
therefore causing a stack-based buffer overflow, and results arbitrary code execution.
vulnerability occurs when CSService.exe processes a CSMSG_ListFiles_REQ message,
the user-supplied path first gets converted to ANSI format (CodePage 0), and then
gets handled by a logging routine where proper bounds checking is not done,
therefore causing a stack-based buffer overflow, and results arbitrary code execution.
Authors
Luigi Auriemma aluigi@autistici.org
sinn3r sinn3r@metasploit.com
sinn3r sinn3r@metasploit.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.