module

Siemens FactoryLink 8 CSService Logging Path Param Buffer Overflow

Disclosed
Mar 25, 2011
Created
May 30, 2018

Description

This module exploits a vulnerability found on Siemens FactoryLink 8. The
vulnerability occurs when CSService.exe processes a CSMSG_ListFiles_REQ message,
the user-supplied path first gets converted to ANSI format (CodePage 0), and then
gets handled by a logging routine where proper bounds checking is not done,
therefore causing a stack-based buffer overflow, and results arbitrary code execution.

Authors

Platform

Windows

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


msf > use exploit/windows/scada/factorylink_csservice
msf exploit(factorylink_csservice) > show targets
...targets...
msf exploit(factorylink_csservice) > set TARGET < target-id >
msf exploit(factorylink_csservice) > show options
...show and set options...
msf exploit(factorylink_csservice) > exploit

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.