Siemens Information for VU#922681
Portable SDK for UPnP Devices (libupnp) contains multiple buffer overflows in SSDP
- Vendor Information Help Date Notified: 13 Dec 2012
- Statement Date:
- Date Updated: 30 Jan 2013
No statement is currently available from the vendor regarding this vulnerability.
Siemens OZW and OZS products use the UPnP network protocol for supporting specific localization functions. The 3rd party library libupnp  used for this protocol is vulnerable to multiple stack-based buffer overflows, as reported by CERT-CC . These vulnerabilities allow DoS attacks and possibly remote code execution if the affected network ports are reachable by an attacker. Siemens plans to provide official permanent fixes with upcoming firmware updates and product replacements, and describes a temporary workaround below.
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.