Lucene search

[email protected]CVE-2012-0228

HistoryApr 02, 2012 - 8:55 p.m.

CVE-2012-0228

2012-04-0220:55:01

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-0228

invensys wonderware

information server

vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.5%

JSON

Invensys Wonderware Information Server 4.0 SP1 and 4.5 does not properly implement client controls, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

Affected configurations

NVD

Node

invensyswonderware_information_serverMatch4.0sp1

invensyswonderware_information_serverMatch4.5

CPENameOperatorVersion
invensys:wonderware_information_serverinvensys wonderware information servereq4.0
invensys:wonderware_information_serverinvensys wonderware information servereq4.5

CPE	Name	Operator	Version
invensys:wonderware_information_server	invensys wonderware information server	eq	4.0
invensys:wonderware_information_server	invensys wonderware information server	eq	4.5

References

osvdb.org/80890

secunia.com/advisories/48603

www.securityfocus.com/bid/52851

www.securitytracker.com/id?1026886

www.securitytracker.com/id?1026887

www.us-cert.gov/control_systems/pdf/ICSA-12-062-01.pdf

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.5%

JSON

Related for CVE-2012-0228

nvd1 cvelist1 prion1 ics1