CVE-2013-2802

Published: Aug 21, 2013Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

The universal protocol implementation in Sixnet UDR before 2.0 and RTU firmware before 4.8 allows remote attackers to execute arbitrary code; read, modify, or create files; or obtain file metadata via function opcodes.

Affected (2)

Products: Sixnet: Rtu Firmware, Udr

Sixnet

2 products

Rtu Firmware

Udr

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Sixnet Rtu Firmware	Up to 4.7
Sixnet Udr	Up to 1.9

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (2)

http://ics-cert.us-cert.gov/advisories/ICSA-13-231-01

Source: ics-cert@hq.dhs.gov

US Government Resource

http://ics-cert.us-cert.gov/advisories/ICSA-13-231-01

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

Timeline

No history available yet.