Vigil@nce - Siemens Simatic RF Manager: buffer overflow of ActiveX
January 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When Simatic RF Manager is installed on user’s computer, an
attacker can invite him to display a web page calling an ActiveX,
in order to execute code on his computer.
Impacted products: SIMATIC
Severity: 2/4
Creation date: 11/01/2013
DESCRIPTION OF THE VULNERABILITY
The Simatic RF Manager product is used to configure RFID readers,
such as Simatic RF600. This software installs an ActiveX.
However, this ActiveX can be instantiated in Internet Explorer,
and it contains a buffer overflow.
When Simatic RF Manager is installed on user’s computer, an
attacker can therefore invite him to display a web page calling an
ActiveX, in order to execute code on his computer.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Siemens-Simatic-RF-Manager-buffer-overflow-of-ActiveX-12327