module
Siemens FactoryLink 8 CSService Logging Path Param Buffer Overflow
Disclosed | Created |
---|---|
Mar 25, 2011 | May 30, 2018 |
Disclosed
Mar 25, 2011
Created
May 30, 2018
Description
This module exploits a vulnerability found on Siemens FactoryLink 8. The
vulnerability occurs when CSService.exe processes a CSMSG_ListFiles_REQ message,
the user-supplied path first gets converted to ANSI format (CodePage 0), and then
gets handled by a logging routine where proper bounds checking is not done,
therefore causing a stack-based buffer overflow, and results arbitrary code execution.
vulnerability occurs when CSService.exe processes a CSMSG_ListFiles_REQ message,
the user-supplied path first gets converted to ANSI format (CodePage 0), and then
gets handled by a logging routine where proper bounds checking is not done,
therefore causing a stack-based buffer overflow, and results arbitrary code execution.
Authors
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.