Lucene search

[email protected]CVE-2012-0257

HistoryApr 02, 2012 - 8:55 p.m.

CVE-2012-0257

2012-04-0220:55:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2012-0257

heap-based buffer overflow

wwcabfile

activex

wonderware

system platform

invensys

security vulnerability

8.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.041 Low

EPSS

Percentile

92.1%

JSON

Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Information Server 4.5 and earlier, ArchestrA Application Object Toolkit 3.2 and earlier, and InTouch 10.0 through 10.5 might allow remote attackers to execute arbitrary code via a long string to the Open member, leading to a function-pointer overwrite.

CPENameOperatorVersion
invensys:infusion_control_editioninvensys infusion control editionle2.5
invensys:archestra_application_object_toolkitinvensys archestra application object toolkitle3.2
invensys:intouchinvensys intoucheq10.5
invensys:wonderware_information_serverinvensys wonderware information servereq4.0
invensys:wonderware_information_serverinvensys wonderware information servereq3.1
invensys:infusion_scadainvensys infusion scadale2.5
invensys:infusion_foundation_editioninvensys infusion foundation editionle2.5
invensys:wonderware_information_serverinvensys wonderware information serverle4.5
invensys:intouchinvensys intoucheq10.0
invensys:wonderware_application_serverinvensys wonderware application serverle2012

CPE	Name	Operator	Version
invensys:infusion_control_edition	invensys infusion control edition	le	2.5
invensys:archestra_application_object_toolkit	invensys archestra application object toolkit	le	3.2
invensys:intouch	invensys intouch	eq	10.5
invensys:wonderware_information_server	invensys wonderware information server	eq	4.0
invensys:wonderware_information_server	invensys wonderware information server	eq	3.1
invensys:infusion_scada	invensys infusion scada	le	2.5
invensys:infusion_foundation_edition	invensys infusion foundation edition	le	2.5
invensys:wonderware_information_server	invensys wonderware information server	le	4.5
invensys:intouch	invensys intouch	eq	10.0
invensys:wonderware_application_server	invensys wonderware application server	le	2012

Rows per page:

1-10 of 111

References

osvdb.org/80891

secunia.com/advisories/48675

www.us-cert.gov/control_systems/pdf/ICSA-12-081-01.pdf

wdnresource.wonderware.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000071.pdf

8.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.041 Low

EPSS

Percentile

92.1%

JSON

Related for CVE-2012-0257

prion1 cvelist1 ics1