Lucene search

[email protected]NVD:CVE-2012-0257

HistoryApr 02, 2012 - 8:55 p.m.

CVE-2012-0257

2012-04-0220:55:02

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.1

Confidence

High

EPSS

0.041

Percentile

92.1%

JSON

Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Information Server 4.5 and earlier, ArchestrA Application Object Toolkit 3.2 and earlier, and InTouch 10.0 through 10.5 might allow remote attackers to execute arbitrary code via a long string to the Open member, leading to a function-pointer overwrite.

Affected configurations

Nvd

Node

invensysarchestra_application_object_toolkitRange≤3.2

invensysfoxboro_control_softwareRange≤3.1

invensysinfusion_control_editionRange≤2.5

invensysinfusion_foundation_editionRange≤2.5

invensysinfusion_scadaRange≤2.5

invensysintouchMatch10.0

invensysintouchMatch10.5

invensyswonderware_application_serverRange≤2012

invensyswonderware_information_serverRange≤4.5

invensyswonderware_information_serverMatch3.1

invensyswonderware_information_serverMatch4.0

invensyswonderware_information_serverMatch4.0sp1

VendorProductVersionCPE
invensysarchestra_application_object_toolkit*cpe:2.3:a:invensys:archestra_application_object_toolkit:*:*:*:*:*:*:*:*
invensysfoxboro_control_software*cpe:2.3:a:invensys:foxboro_control_software:*:*:*:*:*:*:*:*
invensysinfusion_control_edition*cpe:2.3:a:invensys:infusion_control_edition:*:*:*:*:*:*:*:*
invensysinfusion_foundation_edition*cpe:2.3:a:invensys:infusion_foundation_edition:*:*:*:*:*:*:*:*
invensysinfusion_scada*cpe:2.3:a:invensys:infusion_scada:*:*:*:*:*:*:*:*
invensysintouch10.0cpe:2.3:a:invensys:intouch:10.0:*:*:*:*:*:*:*
invensysintouch10.5cpe:2.3:a:invensys:intouch:10.5:*:*:*:*:*:*:*
invensyswonderware_application_server*cpe:2.3:a:invensys:wonderware_application_server:*:*:*:*:*:*:*:*
invensyswonderware_information_server*cpe:2.3:a:invensys:wonderware_information_server:*:*:*:*:*:*:*:*
invensyswonderware_information_server3.1cpe:2.3:a:invensys:wonderware_information_server:3.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
invensys	archestra_application_object_toolkit	*	cpe:2.3:a:invensys:archestra_application_object_toolkit::::::::
invensys	foxboro_control_software	*	cpe:2.3:a:invensys:foxboro_control_software::::::::
invensys	infusion_control_edition	*	cpe:2.3:a:invensys:infusion_control_edition::::::::
invensys	infusion_foundation_edition	*	cpe:2.3:a:invensys:infusion_foundation_edition::::::::
invensys	infusion_scada	*	cpe:2.3:a:invensys:infusion_scada::::::::
invensys	intouch	10.0	cpe:2.3:a:invensys:intouch:10.0:::::::*
invensys	intouch	10.5	cpe:2.3:a:invensys:intouch:10.5:::::::*
invensys	wonderware_application_server	*	cpe:2.3:a:invensys:wonderware_application_server::::::::
invensys	wonderware_information_server	*	cpe:2.3:a:invensys:wonderware_information_server::::::::
invensys	wonderware_information_server	3.1	cpe:2.3:a:invensys:wonderware_information_server:3.1:::::::*

Rows per page:

1-10 of 121

References

osvdb.org/80891

secunia.com/advisories/48675

www.us-cert.gov/control_systems/pdf/ICSA-12-081-01.pdf

wdnresource.wonderware.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000071.pdf

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.1

Confidence

High

EPSS

0.041

Percentile

92.1%

JSON

Related for NVD:CVE-2012-0257

cve1 prion1 cvelist1 ics1