Lucene search

[email protected]CVE-2012-3007

HistoryJul 05, 2012 - 3:23 a.m.

CVE-2012-3007

2012-07-0503:23:18

CWE-119

[email protected]

web.nvd.nist.gov

cve

2012

3007

buffer overflow

invensys

wonderware

suitelink

security vulnerability

denial of service

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.2 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.4%

JSON

Stack-based buffer overflow in slssvc.exe before 58.x in Invensys Wonderware SuiteLink in the Invensys System Platform software suite, as used in InTouch/Wonderware Application Server IT before 10.5 and WAS before 3.5, DASABCIP before 4.1 SP2, DASSiDirect before 3.0, DAServer Runtime Components before 3.0 SP2, and other products, allows remote attackers to cause a denial of service (daemon crash or hang) via a long Unicode string.

Affected configurations

NVD

Node

invensysdasabcipRange≤4.1sp1

invensysdasabcipMatch4.1

invensysdaserver_runtime_componentsRange≤3.0sp1

invensysdaserver_runtime_componentsMatch3.0

invensysdassidirectRange≤2.0

invensysintouch\/wonderware_application_serverRange≤10.0

invensyswonderware_application_serverRange≤3.1sp2

invensyswonderware_application_serverMatch3.0

invensyswonderware_application_serverMatch3.0.200sp2

invensyswonderware_application_serverMatch3.1

invensyswonderware_application_serverMatch3.1sp1

invensyswonderware_application_serverMatch3.1.201sp2

CPENameOperatorVersion
invensys:dasabcipinvensys dasabciple4.1
invensys:daserver_runtime_componentsinvensys daserver runtime componentsle3.0
invensys:dassidirectinvensys dassidirectle2.0
invensys:intouch\/wonderware_application_serverinvensys intouch/wonderware application serverle10.0
invensys:wonderware_application_serverinvensys wonderware application serverle3.1
invensys:wonderware_application_serverinvensys wonderware application servereq3.0
invensys:wonderware_application_serverinvensys wonderware application servereq3.0.200
invensys:wonderware_application_serverinvensys wonderware application servereq3.1.201

CPE	Name	Operator	Version
invensys:dasabcip	invensys dasabcip	le	4.1
invensys:daserver_runtime_components	invensys daserver runtime components	le	3.0
invensys:dassidirect	invensys dassidirect	le	2.0
invensys:intouch\/wonderware_application_server	invensys intouch/wonderware application server	le	10.0
invensys:wonderware_application_server	invensys wonderware application server	le	3.1
invensys:wonderware_application_server	invensys wonderware application server	eq	3.0
invensys:wonderware_application_server	invensys wonderware application server	eq	3.0.200
invensys:wonderware_application_server	invensys wonderware application server	eq	3.1.201

References

secunia.com/advisories/49173

www.securityfocus.com/bid/53563

www.us-cert.gov/control_systems/pdf/ICSA-12-171-01.pdf

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.2 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.4%

JSON

Related for CVE-2012-3007

prion2 nvd2 ics1 cvelist2 cve1