A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow a remote attacker to execute arbitrary code in the context of a highly privileged account.
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
| Link | Tags |
|---|---|
| http://www.securityfocus.com/bid/99488 | vdb entry third party advisory broken link |
| https://ics-cert.us-cert.gov/advisories/ICSA-17-187-04 | third party advisory us government resource |
| http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000116/ | vendor advisory |
| http://www.securitytracker.com/id/1038836 | vdb entry third party advisory broken link |