Preface: In industry, power plants and substations, the SICAM MMU is used to measure and calculate parameters.
Product background: SICAM T (transducer) is a digital measuring sensor that allows the measurement of electricity in non-electrical networks in a single unit. SICAM MMU (Measurement and Monitoring Unit) is a power monitoring device that allows the measurement of electricity in the power grid.
Remark: SICAM SGU has been discontinued.
Security Focus: CVE-2020-10042 – A buffer overflow in various positions of the web application might enable an attacker with access to the web application to execute arbitrary code over the network.
My observation:
Fundamental theory: For custom application software, all code that accepts input from users via the HTTP request must be reviewed to ensure that it can properly handle arbitrarily large input.
Possibility: According to the definition of CWE-120, the buffer overflow related to this vulnerability will be caused by looping correction. The function does not work after JavaScript updates the field (updating fields dynamically in JavaScript).
Synopsis: By sending carefully crafted input to an application, an attacker can cause the application to execute arbitrary code, possibly taking over the machine.
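The review point under "Fundamental theory", as an added example (not Siemens code and not taken from the advisory): a C handler that copies an HTTP form field into a fixed-size buffer, first with the unchecked CWE-120 pattern and then with a length check that rejects oversized values. The buffer size `FIELD_MAX`, the function names and the sample request bodies are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 32  /* assumed size of a fixed field buffer (illustrative) */

/* CWE-120 pattern: copy without checking the source length against dst. */
void copy_field_unchecked(char *dst, const char *value) {
    strcpy(dst, value);  /* writes past dst when strlen(value) >= FIELD_MAX */
}

/* Hardened form: locate "name=value" in a urlencoded request body and copy
 * the value only if it fits, terminator included.
 * Returns the value length, -1 if the field is absent, -2 if it is too long. */
int get_field(const char *body, const char *name, char *dst, size_t dst_size) {
    size_t nlen = strlen(name);
    const char *p = body;
    while (p && *p) {
        const char *end = strchr(p, '&');
        size_t seglen = end ? (size_t)(end - p) : strlen(p);
        if (seglen > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            size_t vlen = seglen - nlen - 1;
            if (vlen >= dst_size)
                return -2;  /* reject oversized input instead of truncating */
            memcpy(dst, p + nlen + 1, vlen);
            dst[vlen] = '\0';
            return (int)vlen;
        }
        p = end ? end + 1 : NULL;
    }
    return -1;
}

int main(void) {
    char buf[FIELD_MAX];
    char body[128] = "ip=192.0.2.10&name=";  /* constructed sample body */
    printf("short: %d\n", get_field("ip=192.0.2.10&name=MMU-1", "name", buf, sizeof buf));
    memset(body + strlen(body), 'A', 64);    /* 64-byte value, twice FIELD_MAX */
    printf("long:  %d\n", get_field(body, "name", buf, sizeof buf));
    return 0;
}
```

Rejecting the request with an error is preferable to silent truncation here, because a truncated configuration value can be as harmful to a measuring device as a malformed one.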
Official announcement: https://cert-portal.siemens.com/productcert/pdf/ssa-305120.pdf