CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
0.4%
Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/SCADA, InBatch, and Wonderware Historian, allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
Vendor | Product | Version | CPE |
---|---|---|---|
invensys | foxboro_control_software | 3.1 | cpe:2.3:a:invensys:foxboro_control_software:3.1:*:*:*:*:*:*:* |
invensys | foxboro_control_software | 4.0 | cpe:2.3:a:invensys:foxboro_control_software:4.0:*:*:*:*:*:*:* |
invensys | infusion_ce\/fe\/scada | * | cpe:2.3:a:invensys:infusion_ce\/fe\/scada:*:*:*:*:*:*:*:* |
invensys | intouch | * | cpe:2.3:a:invensys:intouch:*:*:*:*:*:*:*:* |
invensys | intouch\/wonderware_application_server | * | cpe:2.3:a:invensys:intouch\/wonderware_application_server:*:*:*:*:*:*:*:* |
invensys | intouch\/wonderware_application_server | 10.0 | cpe:2.3:a:invensys:intouch\/wonderware_application_server:10.0:*:*:*:*:*:*:* |
invensys | intouch\/wonderware_application_server | 10.5 | cpe:2.3:a:invensys:intouch\/wonderware_application_server:10.5:*:*:*:*:*:*:* |
invensys | wonderware_historian | * | cpe:2.3:a:invensys:wonderware_historian:*:sp1:*:*:*:*:*:* |
invensys | wonderware_historian | 10.0 | cpe:2.3:a:invensys:wonderware_historian:10.0:*:*:*:*:*:*:* |
invensys | wonderware_inbatch | * | cpe:2.3:a:invensys:wonderware_inbatch:*:sp1:*:*:*:*:*:* |