SBA Security Advisory – KNX management software ETS – remote code execution vulnerability (CVE-2015-8299)
Vulnerability Overview
The vulnerability is caused by a buffer overflow in a memcpy operation when parsing specially crafted KNXnet/IP packets in the Group messages monitor (a.k.a. Falcon). A corresponding proof-of-concept exploit, which was tested against an affected ETS version installed on Windows XP SP3, can be found below. The proof-of-concept exploit generates the UDP packet that triggers the vulnerability and should at least crash the application (it requires Python and Scapy to run).
- Type of Vulnerability: Buffer overflow vulnerability
- CVE ID: CVE-2015-8299
- Impact: Critical
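The bug class described above (a memcpy whose size is taken from attacker-controlled packet fields without checking it against the received data and the destination buffer) is best illustrated from the defender's side. The following Python parser is an added example and is neither ETS/Falcon code nor the advisory's proof-of-concept: it reads the standard 6-byte KNXnet/IP header (header length, protocol version, service type, total length) and rejects a frame before anything is copied if any declared length is inconsistent with what was actually received or with a fixed destination size. The destination bound `MAX_BODY_LEN`, the function names and all sample frames are constructed for this example; the header layout and the SEARCH_REQUEST service type value are from the KNXnet/IP specification.

```python
import struct

KNXNETIP_HEADER_LEN = 6        # header length byte per KNXnet/IP spec
KNXNETIP_VERSION_10 = 0x10     # protocol version 1.0
SERVICE_SEARCH_REQUEST = 0x0201
MAX_BODY_LEN = 1024            # assumed fixed-size destination buffer (example value)


class KnxFrameError(ValueError):
    """Raised when a frame fails a length/consistency check."""


def parse_knxnetip_frame(data: bytes) -> tuple[int, bytes]:
    """Validate the KNXnet/IP header and return (service_type, body).

    Every length is checked against the bytes actually received and against
    the destination bound before a single byte is copied; this is the check
    whose absence turns a memcpy into an overflow.
    """
    if len(data) < KNXNETIP_HEADER_LEN:
        raise KnxFrameError("truncated header")
    hdr_len, version, service, total_len = struct.unpack("!BBHH", data[:6])
    if hdr_len != KNXNETIP_HEADER_LEN:
        raise KnxFrameError("unexpected header length")
    if version != KNXNETIP_VERSION_10:
        raise KnxFrameError("unsupported protocol version")
    if total_len < hdr_len:
        # body length = total_len - hdr_len would go negative (or wrap in C)
        raise KnxFrameError("total length smaller than header")
    if total_len > len(data):
        # declared more bytes than were received: an over-read in C
        raise KnxFrameError("declared length exceeds received data")
    body_len = total_len - hdr_len
    if body_len > MAX_BODY_LEN:
        # declared body would not fit the fixed destination: an overflow in C
        raise KnxFrameError("body exceeds destination buffer")
    return service, data[hdr_len:total_len]


def copy_body(body: bytes, buf_size: int = MAX_BODY_LEN) -> bytearray:
    """Bounded equivalent of the copy: never writes past buf_size bytes."""
    buf = bytearray(buf_size)
    n = min(len(body), buf_size)
    buf[:n] = body[:n]
    return buf


def check_frame(data: bytes) -> str:
    """Return 'ok' or the rejection reason, for logging or a detection rule."""
    try:
        parse_knxnetip_frame(data)
        return "ok"
    except KnxFrameError as exc:
        return str(exc)


# Constructed sample frames (not captured traffic):
# well-formed SEARCH_REQUEST: header + 8-byte HPAI, total length 14
VALID_SEARCH_REQUEST = bytes.fromhex("06100201000e0801c0a800010e57")
# total length 4 < header length 6
UNDERFLOW_FRAME = bytes.fromhex("061002010004") + b"\x00" * 8
# total length 0xffff but only 14 bytes on the wire
OVERREAD_FRAME = bytes.fromhex("06100201ffff") + b"\x00" * 8
# consistent total length (6 + 1025) whose body exceeds MAX_BODY_LEN
OVERSIZED_BODY_FRAME = bytes.fromhex("061002010407") + b"\x00" * 1025


if __name__ == "__main__":
    for name, frame in [("valid", VALID_SEARCH_REQUEST),
                        ("underflow", UNDERFLOW_FRAME),
                        ("over-read", OVERREAD_FRAME),
                        ("oversized", OVERSIZED_BODY_FRAME)]:
        print(f"{name:10s}: {check_frame(frame)}")
```

Each rejection reason maps to a distinct way an unchecked length reaches memcpy; logging the reason (rather than silently dropping the frame) gives an operator a signal that malformed KNXnet/IP traffic is arriving on UDP/3671.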
Links
Credits
- Aljosha Judmayer (SBA Research)