Lucene search

[email protected]NVD:CVE-2012-4709

HistoryOct 13, 2013 - 10:20 a.m.

CVE-2012-4709

2013-10-1310:20:02

CWE-119

[email protected]

web.nvd.nist.gov

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.7%

JSON

Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected configurations

NVD

Node

invensyswonderware_intouchRange≤2012r2

References

ics-cert.us-cert.gov/advisories/ICSA-13-276-01

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.7%

JSON

Related for NVD:CVE-2012-4709

ics1 cve1 prion1 cvelist1