Lucene search

IcscertCVE-2012-3005

HistoryJul 26, 2012 - 10:41 a.m.

CVE-2012-3005

2012-07-2610:41:47

icscert

web.nvd.nist.gov

security

vulnerability

invensys wonderware intouch

local users

privileges

trojan horse dll

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

Percentile

0.4%

JSON

Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/SCADA, InBatch, and Wonderware Historian, allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

Affected configurations

Nvd

Node

invensysfoxboro_control_softwareMatch3.1

invensysfoxboro_control_softwareMatch4.0

invensysinfusion_ce\/fe\/scadaRange≤2.5

invensysintouchRange≤2012

invensysintouch\/wonderware_application_serverRange≤2012

invensysintouch\/wonderware_application_serverMatch10.0

invensysintouch\/wonderware_application_serverMatch10.5

invensyswonderware_historianRange≤10.0sp1

invensyswonderware_historianMatch10.0

invensyswonderware_inbatchRange≤9.5sp1

invensyswonderware_information_serverRange≤4.5

invensyswonderware_information_serverMatch3.1

invensyswonderware_information_serverMatch4.0

invensyswonderware_information_serverMatch4.0sp1

VendorProductVersionCPE
invensysfoxboro_control_software3.1cpe:2.3:a:invensys:foxboro_control_software:3.1:*:*:*:*:*:*:*
invensysfoxboro_control_software4.0cpe:2.3:a:invensys:foxboro_control_software:4.0:*:*:*:*:*:*:*
invensysinfusion_ce\/fe\/scada*cpe:2.3:a:invensys:infusion_ce\/fe\/scada:*:*:*:*:*:*:*:*
invensysintouch*cpe:2.3:a:invensys:intouch:*:*:*:*:*:*:*:*
invensysintouch\/wonderware_application_server*cpe:2.3:a:invensys:intouch\/wonderware_application_server:*:*:*:*:*:*:*:*
invensysintouch\/wonderware_application_server10.0cpe:2.3:a:invensys:intouch\/wonderware_application_server:10.0:*:*:*:*:*:*:*
invensysintouch\/wonderware_application_server10.5cpe:2.3:a:invensys:intouch\/wonderware_application_server:10.5:*:*:*:*:*:*:*
invensyswonderware_historian*cpe:2.3:a:invensys:wonderware_historian:*:sp1:*:*:*:*:*:*
invensyswonderware_historian10.0cpe:2.3:a:invensys:wonderware_historian:10.0:*:*:*:*:*:*:*
invensyswonderware_inbatch*cpe:2.3:a:invensys:wonderware_inbatch:*:sp1:*:*:*:*:*:*

Vendor	Product	Version	CPE
invensys	foxboro_control_software	3.1	cpe:2.3:a:invensys:foxboro_control_software:3.1:::::::*
invensys	foxboro_control_software	4.0	cpe:2.3:a:invensys:foxboro_control_software:4.0:::::::*
invensys	infusion_ce\/fe\/scada	*	cpe:2.3:a:invensys:infusion_ce\/fe\/scada::::::::
invensys	intouch	*	cpe:2.3:a:invensys:intouch::::::::
invensys	intouch\/wonderware_application_server	*	cpe:2.3:a:invensys:intouch\/wonderware_application_server::::::::
invensys	intouch\/wonderware_application_server	10.0	cpe:2.3:a:invensys:intouch\/wonderware_application_server:10.0:::::::*
invensys	intouch\/wonderware_application_server	10.5	cpe:2.3:a:invensys:intouch\/wonderware_application_server:10.5:::::::*
invensys	wonderware_historian	*	cpe:2.3:a:invensys:wonderware_historian::sp1::::::*
invensys	wonderware_historian	10.0	cpe:2.3:a:invensys:wonderware_historian:10.0:::::::*
invensys	wonderware_inbatch	*	cpe:2.3:a:invensys:wonderware_inbatch::sp1::::::*

Rows per page:

1-10 of 141

References

www.us-cert.gov/control_systems/pdf/ICSA-12-177-02.pdf

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2012-3005