Siemens Information for VU#922681
Portable SDK for UPnP Devices (libupnp) contains multiple buffer overflows in SSDP
- Date Notified: 13 Dec 2012
- Statement Date:
- Date Updated: 30 Jan 2013
Status
Affected
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
From SSA-963338:
Siemens OZW and OZS products use the UPnP network protocol for supporting specific localization functions. The 3rd party library libupnp [1] used for this protocol is vulnerable to multiple stack-based buffer overflows, as reported by CERT-CC [2]. These vulnerabilities allow DoS attacks and possibly remote code execution if the affected network ports are reachable by an attacker. Siemens plans to provide official permanent fixes with upcoming firmware updates and product replacements, and describes a temporary workaround below.
Vendor References
Addendum
There are no additional comments at this time.