Rapid7

module

Siemens FactoryLink 8 CSService Logging Path Param Buffer Overflow

Try Surface Command
Back to search
Disclosed
Mar 25, 2011
Created
May 30, 2018

Description

This module exploits a vulnerability found on Siemens FactoryLink 8. The
vulnerability occurs when CSService.exe processes a CSMSG_ListFiles_REQ message,
the user-supplied path first gets converted to ANSI format (CodePage 0), and then
gets handled by a logging routine where proper bounds checking is not done,
therefore causing a stack-based buffer overflow, and results arbitrary code execution.

Authors

Luigi Auriemma [email protected]
sinn3r [email protected]

Platform

Windows

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


    msf > use exploit/windows/scada/factorylink_csservice
    msf exploit(factorylink_csservice) > show targets
        ...targets...
    msf exploit(factorylink_csservice) > set TARGET < target-id >
    msf exploit(factorylink_csservice) > show options
        ...show and set options...
    msf exploit(factorylink_csservice) > exploit
Title
Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report