Lucene search

[email protected]NVD:CVE-2012-3005

HistoryJul 26, 2012 - 10:41 a.m.

CVE-2012-3005

2012-07-2610:41:47

[email protected]

web.nvd.nist.gov

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

High

EPSS

Percentile

0.4%

JSON

Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/SCADA, InBatch, and Wonderware Historian, allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

Affected configurations

Nvd

Node

invensysfoxboro_control_softwareMatch3.1

invensysfoxboro_control_softwareMatch4.0

invensysinfusion_ce\/fe\/scadaRange≤2.5

invensysintouchRange≤2012

invensysintouch\/wonderware_application_serverRange≤2012

invensysintouch\/wonderware_application_serverMatch10.0

invensysintouch\/wonderware_application_serverMatch10.5

invensyswonderware_historianRange≤10.0sp1

invensyswonderware_historianMatch10.0

invensyswonderware_inbatchRange≤9.5sp1

invensyswonderware_information_serverRange≤4.5

invensyswonderware_information_serverMatch3.1

invensyswonderware_information_serverMatch4.0

invensyswonderware_information_serverMatch4.0sp1

VendorProductVersionCPE
invensysfoxboro_control_software3.1cpe:2.3:a:invensys:foxboro_control_software:3.1:*:*:*:*:*:*:*
invensysfoxboro_control_software4.0cpe:2.3:a:invensys:foxboro_control_software:4.0:*:*:*:*:*:*:*
invensysinfusion_ce\/fe\/scada*cpe:2.3:a:invensys:infusion_ce\/fe\/scada:*:*:*:*:*:*:*:*
invensysintouch*cpe:2.3:a:invensys:intouch:*:*:*:*:*:*:*:*
invensysintouch\/wonderware_application_server*cpe:2.3:a:invensys:intouch\/wonderware_application_server:*:*:*:*:*:*:*:*
invensysintouch\/wonderware_application_server10.0cpe:2.3:a:invensys:intouch\/wonderware_application_server:10.0:*:*:*:*:*:*:*
invensysintouch\/wonderware_application_server10.5cpe:2.3:a:invensys:intouch\/wonderware_application_server:10.5:*:*:*:*:*:*:*
invensyswonderware_historian*cpe:2.3:a:invensys:wonderware_historian:*:sp1:*:*:*:*:*:*
invensyswonderware_historian10.0cpe:2.3:a:invensys:wonderware_historian:10.0:*:*:*:*:*:*:*
invensyswonderware_inbatch*cpe:2.3:a:invensys:wonderware_inbatch:*:sp1:*:*:*:*:*:*

Vendor	Product	Version	CPE
invensys	foxboro_control_software	3.1	cpe:2.3:a:invensys:foxboro_control_software:3.1:::::::*
invensys	foxboro_control_software	4.0	cpe:2.3:a:invensys:foxboro_control_software:4.0:::::::*
invensys	infusion_ce\/fe\/scada	*	cpe:2.3:a:invensys:infusion_ce\/fe\/scada::::::::
invensys	intouch	*	cpe:2.3:a:invensys:intouch::::::::
invensys	intouch\/wonderware_application_server	*	cpe:2.3:a:invensys:intouch\/wonderware_application_server::::::::
invensys	intouch\/wonderware_application_server	10.0	cpe:2.3:a:invensys:intouch\/wonderware_application_server:10.0:::::::*
invensys	intouch\/wonderware_application_server	10.5	cpe:2.3:a:invensys:intouch\/wonderware_application_server:10.5:::::::*
invensys	wonderware_historian	*	cpe:2.3:a:invensys:wonderware_historian::sp1::::::*
invensys	wonderware_historian	10.0	cpe:2.3:a:invensys:wonderware_historian:10.0:::::::*
invensys	wonderware_inbatch	*	cpe:2.3:a:invensys:wonderware_inbatch::sp1::::::*

Rows per page:

1-10 of 141

References

www.us-cert.gov/control_systems/pdf/ICSA-12-177-02.pdf

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

High

EPSS

Percentile

0.4%

JSON

Related for NVD:CVE-2012-3005

prion1 cvelist1 cve1 ics1