Lucene search

[email protected]CVE-2011-4870

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2011-4870

2022-10-0316:15:13

CWE-119

[email protected]

web.nvd.nist.gov

buffer overflow

activex controls

inbatch 9.0

security vulnerability

cve-2011-4870

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.8%

JSON

Multiple buffer overflows in the (1) GUIControls, (2) BatchObjSrv, and (3) BatchSecCtrl ActiveX controls in Invensys Wonderware InBatch 9.0 and 9.0 SP1, and InBatch 8.1 SP1, 9.0 SP2, and 9.5 Server and Runtime Clients, allow remote attackers to execute arbitrary code via a long string in a property value, a different issue than CVE-2011-3141.

Affected configurations

NVD

Node

invensyswonderware_inbatchMatch8.1sp1

invensyswonderware_inbatchMatch9.0

invensyswonderware_inbatchMatch9.0sp1

invensyswonderware_inbatchMatch9.0sp2

invensyswonderware_inbatchMatch9.5

CPENameOperatorVersion
invensys:wonderware_inbatchinvensys wonderware inbatcheq8.1
invensys:wonderware_inbatchinvensys wonderware inbatcheq9.0
invensys:wonderware_inbatchinvensys wonderware inbatcheq9.5

CPE	Name	Operator	Version
invensys:wonderware_inbatch	invensys wonderware inbatch	eq	8.1
invensys:wonderware_inbatch	invensys wonderware inbatch	eq	9.0
invensys:wonderware_inbatch	invensys wonderware inbatch	eq	9.5

References

www.securityfocus.com/bid/51129

www.us-cert.gov/control_systems/pdf/ICSA-11-332-01A.pdf

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.8%

JSON

Related for CVE-2011-4870

cvelist2 nvd2 prion2 ics1 cve1