Lucene search
+L

116 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:48 a.m.8 views

CVE-2011-3141

Buffer overflow in the InBatch BatchField ActiveX control for Invensys Wonderware InBatch 8.1 SP1, 9.0, and 9.0 SP1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors...

9.3CVSS8.4AI score0.04047EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:40 a.m.9 views

CVE-2011-4039

Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access violation."...

9.3CVSS8AI score0.04282EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:32 a.m.8 views

CVE-2013-0688

Cross-site scripting XSS vulnerability in Invensys Wonderware Information Server WIS 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.9AI score0.01012EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:31 a.m.9 views

CVE-2013-0685

Invensys Wonderware Information Server WIS 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal does not restrict unspecified size and amount values, which allows remote attackers to execute arbitrary code or cause a denial of service resource consumption via unknown vectors...

9.3CVSS8.2AI score0.03287EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:31 a.m.8 views

CVE-2013-0684

SQL injection vulnerability in Invensys Wonderware Information Server WIS 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.5CVSS8.8AI score0.0126EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:30 a.m.11 views

CVE-2012-3005

Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/SCADA, InBatch, and Wonderware Historian, allows local users to gain privileges via a Trojan horse...

6.9CVSS6.9AI score0.00447EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:50 a.m.11 views

CVE-2012-4710

Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML external entity declaration in conjunction with an entity reference...

9.3CVSS7.2AI score0.02078EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:50 a.m.10 views

CVE-2012-4709

Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML document containing an external entity declaration in conjunction with an entity referenc...

6.9CVSS7.2AI score0.00628EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:49 a.m.9 views

CVE-2012-4693

Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Pssecurity.ini, which makes it easier for local users to discover passwords by reading this file...

1.9CVSS6.6AI score0.00228EPSS
Exploits0References1
ICS
ICS
added 2015/11/27 7:0 a.m.27 views

Schneider Electric Invensys Positioner Buffer Overflow Vulnerability

OVERVIEW Ivan Sanchez from Nullcode Team has identified a buffer overflow security vulnerability in the DTM Device Type Manager software for Schneider Electric’s Invensys SRD Control Valve Positioner product line. Schneider Electric has produced a new version that mitigates this vulnerability...

6.9CVSS7.6AI score0.00345EPSS
Exploits0References10
CVE
CVE
added 2015/03/14 1:0 a.m.41 views

CVE-2014-9206

The vulnerability CVE-2014-9206 affects Schneider Electric Invensys SRD Control Valve Positioner DTM software (DTM 3.1.6 and earlier) used with SRD 960/991. It is a stack-based buffer overflow in a DLL that could allow a local attacker to gain privileges by loading a malformed DLL. Connected advi...

6.9CVSS7.3AI score0.00345EPSS
Exploits0References2Affected Software1
ICS
ICS
added 2013/12/10 7:0 a.m.50 views

Invensys Wonderware Win-XML Exporter Improper Input Validation Vulnerability

Overview This advisory was originally posted to the US-CERT secure Portal library on March 08, 2013, and is now being released to the ICS-CERT Web page. This advisory provides mitigation details for a vulnerability that impacts the Invensys Wonderware Win-XML Exporter. Researchers Timur Yunusov,...

9.3CVSS6.6AI score0.02078EPSS
Exploits0References10
NVD
NVD
added 2013/10/13 10:20 a.m.15 views

CVE-2012-4709

Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML document containing an external entity declaration in conjunction with an entity referenc...

6.9CVSS6.9AI score0.00628EPSS
Exploits0References1
Prion
Prion
added 2013/10/13 10:20 a.m.18 views

Xxe

Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML document containing an external entity declaration in conjunction with an entity referenc...

6.9CVSS7.4AI score0.00628EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2013/10/13 10:0 a.m.49 views

CVE-2012-4709

Invensys Wonderware InTouch HMI 2012 R2 and earlier are affected by CVE-2012-4709 due to unsafe XML external entity handling (XXE). An attacker could craft an XML document with an external entity and cause the application to read local or remote files, send HTTP requests to intranet resources, or...

6.9CVSS7.1AI score0.00628EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2013/10/13 10:0 a.m.24 views

CVE-2012-4709

Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML document containing an external entity declaration in conjunction with an entity referenc...

6.9AI score0.00628EPSS
Exploits0References1
ICS
ICS
added 2013/07/06 6:0 a.m.35 views

Invensys Wonderware InTouch Improper Input Validation Vulnerability

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on October 03, 2013, and is now being released to the NCCIC/ICS-CERT-Web page. This advisory provides mitigation details for a vulnerability that impacts the Invensys Wonderware InTouch application. Independent...

6.9CVSS6.4AI score0.00628EPSS
Exploits0References10
NVD
NVD
added 2013/05/09 12:31 p.m.23 views

CVE-2013-0688

Cross-site scripting XSS vulnerability in Invensys Wonderware Information Server WIS 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.7AI score0.01012EPSS
Exploits0References1
NVD
NVD
added 2013/05/09 12:31 p.m.19 views

CVE-2013-0684

SQL injection vulnerability in Invensys Wonderware Information Server WIS 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.5CVSS8.3AI score0.0126EPSS
Exploits0References1
NVD
NVD
added 2013/05/09 12:31 p.m.22 views

CVE-2013-0685

Invensys Wonderware Information Server WIS 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal does not restrict unspecified size and amount values, which allows remote attackers to execute arbitrary code or cause a denial of service resource consumption via unknown vectors...

9.3CVSS7.9AI score0.03287EPSS
Exploits0References1
Rows per page
Query Builder