CVE-2013-0662 in Unity Pro
Summary
by MITRE
Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 05/09/2026
The vulnerability identified as CVE-2013-0662 represents a critical stack-based buffer overflow flaw within Schneider Electric's Modbus Serial Driver software version 1.10 through 3.2. This issue affects the ModbusDrv.exe component which serves as the core driver for Modbus serial communication protocols in industrial control systems. The vulnerability manifests when the driver processes Modbus Application Headers containing excessively large buffer-size values, creating an exploitable condition that can be leveraged by remote attackers to gain unauthorized code execution privileges. The flaw exists at the protocol parsing layer where input validation is insufficient to handle malformed buffer size parameters, allowing attackers to overflow the stack memory and potentially overwrite critical program execution elements.
The technical implementation of this vulnerability stems from inadequate input sanitization within the Modbus serial driver's parsing logic. When a Modbus Application Header contains a buffer-size value that exceeds the allocated stack buffer capacity, the driver fails to properly validate or limit the input size before processing. This allows attackers to craft malicious Modbus packets with oversized buffer parameters that cause stack memory corruption. The stack-based nature of the overflow means that the return addresses and local variables stored on the program stack can be overwritten, potentially enabling attackers to redirect program execution flow to malicious code. This vulnerability aligns with CWE-121, which specifically addresses stack-based buffer overflow conditions where insufficient bounds checking allows memory corruption through excessive data input.
The operational impact of this vulnerability extends significantly within industrial environments where Schneider Electric Modbus Serial Drivers are deployed. These systems are commonly found in critical infrastructure sectors including energy production, water treatment facilities, manufacturing plants, and transportation systems. Remote code execution capabilities provided by this vulnerability could enable attackers to compromise entire industrial control networks, potentially leading to operational disruptions, safety hazards, or unauthorized access to sensitive operational data. The remote exploitability means that attackers do not require physical access to the systems, making this vulnerability particularly dangerous in environments where network connectivity is present. According to ATT&CK framework domain references, this vulnerability maps to T1059.007 for remote code execution and T1190 for exploitation of remote services, representing the attack surface of industrial control systems.
Mitigation strategies for CVE-2013-0662 require immediate implementation of software updates from Schneider Electric, as the vendor has released patches addressing the buffer overflow condition in affected driver versions. Organizations should also implement network segmentation to isolate industrial control systems from general enterprise networks, reducing potential attack vectors. Additional protective measures include deploying network monitoring solutions capable of detecting anomalous Modbus traffic patterns and implementing input validation controls at network boundaries. The vulnerability demonstrates the importance of robust input validation and memory safety practices in industrial control system software development, aligning with security standards that emphasize defensive programming techniques to prevent buffer overflow conditions. Regular security assessments and vulnerability scanning of industrial control environments remain essential for identifying similar weaknesses in legacy systems that may not receive regular security updates.