Lucene search

CertccCVE-2012-0258

HistoryApr 02, 2012 - 8:55 p.m.

CVE-2012-0258

2012-04-0220:55:02

CWE-119

certcc

web.nvd.nist.gov

cve-2012-0258

heap-based buffer overflow

wwcabfile activex

wonderware system platform

invensys

foxboro control software

infusion

scada

archestra

intouch

remote code execution

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

High

EPSS

0.041

Percentile

92.1%

JSON

Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Information Server 4.5 and earlier, ArchestrA Application Object Toolkit 3.2 and earlier, and InTouch 10.0 through 10.5 might allow remote attackers to execute arbitrary code via a long string to the AddFile member.

Affected configurations

Nvd

Node

invensysarchestra_application_object_toolkitRange≤3.2

invensysfoxboro_control_softwareRange≤3.1

invensysinfusion_control_editionRange≤2.5

invensysinfusion_foundation_editionRange≤2.5

invensysinfusion_scadaRange≤2.5

invensysintouchMatch10.0

invensysintouchMatch10.5

invensyswonderware_application_serverRange≤2012

invensyswonderware_information_serverRange≤4.5

invensyswonderware_information_serverMatch3.1

invensyswonderware_information_serverMatch4.0

invensyswonderware_information_serverMatch4.0sp1

VendorProductVersionCPE
invensysarchestra_application_object_toolkit*cpe:2.3:a:invensys:archestra_application_object_toolkit:*:*:*:*:*:*:*:*
invensysfoxboro_control_software*cpe:2.3:a:invensys:foxboro_control_software:*:*:*:*:*:*:*:*
invensysinfusion_control_edition*cpe:2.3:a:invensys:infusion_control_edition:*:*:*:*:*:*:*:*
invensysinfusion_foundation_edition*cpe:2.3:a:invensys:infusion_foundation_edition:*:*:*:*:*:*:*:*
invensysinfusion_scada*cpe:2.3:a:invensys:infusion_scada:*:*:*:*:*:*:*:*
invensysintouch10.0cpe:2.3:a:invensys:intouch:10.0:*:*:*:*:*:*:*
invensysintouch10.5cpe:2.3:a:invensys:intouch:10.5:*:*:*:*:*:*:*
invensyswonderware_application_server*cpe:2.3:a:invensys:wonderware_application_server:*:*:*:*:*:*:*:*
invensyswonderware_information_server*cpe:2.3:a:invensys:wonderware_information_server:*:*:*:*:*:*:*:*
invensyswonderware_information_server3.1cpe:2.3:a:invensys:wonderware_information_server:3.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
invensys	archestra_application_object_toolkit	*	cpe:2.3:a:invensys:archestra_application_object_toolkit::::::::
invensys	foxboro_control_software	*	cpe:2.3:a:invensys:foxboro_control_software::::::::
invensys	infusion_control_edition	*	cpe:2.3:a:invensys:infusion_control_edition::::::::
invensys	infusion_foundation_edition	*	cpe:2.3:a:invensys:infusion_foundation_edition::::::::
invensys	infusion_scada	*	cpe:2.3:a:invensys:infusion_scada::::::::
invensys	intouch	10.0	cpe:2.3:a:invensys:intouch:10.0:::::::*
invensys	intouch	10.5	cpe:2.3:a:invensys:intouch:10.5:::::::*
invensys	wonderware_application_server	*	cpe:2.3:a:invensys:wonderware_application_server::::::::
invensys	wonderware_information_server	*	cpe:2.3:a:invensys:wonderware_information_server::::::::
invensys	wonderware_information_server	3.1	cpe:2.3:a:invensys:wonderware_information_server:3.1:::::::*

Rows per page:

1-10 of 121

References

osvdb.org/80891

secunia.com/advisories/48675

www.us-cert.gov/control_systems/pdf/ICSA-12-081-01.pdf

wdnresource.wonderware.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000071.pdf

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

High

EPSS

0.041

Percentile

92.1%

JSON

Related for CVE-2012-0258