31 Jan 2013
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Multiple vulnerabilities have been reported in multiple Siemens OZW and OZS products, which can be exploited by malicious people to compromise a vulnerable device.
1) Multiple vulnerabilities are caused due to a bundled version of libupnp.
For more information:
2) Multiple boundary errors within the "unique_service_name()" function (ssdp/ssdp_ctrlpt.c) in libupnp when handling SSDP requests can be exploited to cause stack-based buffer overflows.
The vulnerabilities are reported in the following products and versions:
No official solution is currently available. The vendor is planning to provide fixes with upcoming firmware updates.