Lucene search

[email protected]NVD:CVE-2012-3007

HistoryJul 05, 2012 - 3:23 a.m.

CVE-2012-3007

2012-07-0503:23:18

CWE-119

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.9 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.4%

JSON

Stack-based buffer overflow in slssvc.exe before 58.x in Invensys Wonderware SuiteLink in the Invensys System Platform software suite, as used in InTouch/Wonderware Application Server IT before 10.5 and WAS before 3.5, DASABCIP before 4.1 SP2, DASSiDirect before 3.0, DAServer Runtime Components before 3.0 SP2, and other products, allows remote attackers to cause a denial of service (daemon crash or hang) via a long Unicode string.

Affected configurations

NVD

Node

invensysdasabcipRange≤4.1sp1

invensysdasabcipMatch4.1

invensysdaserver_runtime_componentsRange≤3.0sp1

invensysdaserver_runtime_componentsMatch3.0

invensysdassidirectRange≤2.0

invensysintouch\/wonderware_application_serverRange≤10.0

invensyswonderware_application_serverRange≤3.1sp2

invensyswonderware_application_serverMatch3.0

invensyswonderware_application_serverMatch3.0.200sp2

invensyswonderware_application_serverMatch3.1

invensyswonderware_application_serverMatch3.1sp1

invensyswonderware_application_serverMatch3.1.201sp2

References

secunia.com/advisories/49173

www.securityfocus.com/bid/53563

www.us-cert.gov/control_systems/pdf/ICSA-12-171-01.pdf

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.9 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.4%

JSON

Related for NVD:CVE-2012-3007

ics1 cvelist2 cve2 prion2 nvd1