116 matches found
CVE-2011-3141
Buffer overflow in the InBatch BatchField ActiveX control for Invensys Wonderware InBatch 8.1 SP1, 9.0, and 9.0 SP1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors...
CVE-2011-4039
Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access violation."...
CVE-2013-0688
Cross-site scripting XSS vulnerability in Invensys Wonderware Information Server WIS 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-0685
Invensys Wonderware Information Server WIS 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal does not restrict unspecified size and amount values, which allows remote attackers to execute arbitrary code or cause a denial of service resource consumption via unknown vectors...
CVE-2013-0684
SQL injection vulnerability in Invensys Wonderware Information Server WIS 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2012-3005
Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/SCADA, InBatch, and Wonderware Historian, allows local users to gain privileges via a Trojan horse...
CVE-2012-4710
Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML external entity declaration in conjunction with an entity reference...
CVE-2012-4709
Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML document containing an external entity declaration in conjunction with an entity referenc...
CVE-2012-4693
Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Pssecurity.ini, which makes it easier for local users to discover passwords by reading this file...
Schneider Electric Invensys Positioner Buffer Overflow Vulnerability
OVERVIEW Ivan Sanchez from Nullcode Team has identified a buffer overflow security vulnerability in the DTM Device Type Manager software for Schneider Electric’s Invensys SRD Control Valve Positioner product line. Schneider Electric has produced a new version that mitigates this vulnerability...
CVE-2014-9206
The vulnerability CVE-2014-9206 affects Schneider Electric Invensys SRD Control Valve Positioner DTM software (DTM 3.1.6 and earlier) used with SRD 960/991. It is a stack-based buffer overflow in a DLL that could allow a local attacker to gain privileges by loading a malformed DLL. Connected advi...
Invensys Wonderware Win-XML Exporter Improper Input Validation Vulnerability
Overview This advisory was originally posted to the US-CERT secure Portal library on March 08, 2013, and is now being released to the ICS-CERT Web page. This advisory provides mitigation details for a vulnerability that impacts the Invensys Wonderware Win-XML Exporter. Researchers Timur Yunusov,...
CVE-2012-4709
Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML document containing an external entity declaration in conjunction with an entity referenc...
Xxe
Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML document containing an external entity declaration in conjunction with an entity referenc...
CVE-2012-4709
Invensys Wonderware InTouch HMI 2012 R2 and earlier are affected by CVE-2012-4709 due to unsafe XML external entity handling (XXE). An attacker could craft an XML document with an external entity and cause the application to read local or remote files, send HTTP requests to intranet resources, or...
CVE-2012-4709
Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML document containing an external entity declaration in conjunction with an entity referenc...
Invensys Wonderware InTouch Improper Input Validation Vulnerability
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on October 03, 2013, and is now being released to the NCCIC/ICS-CERT-Web page. This advisory provides mitigation details for a vulnerability that impacts the Invensys Wonderware InTouch application. Independent...
CVE-2013-0688
Cross-site scripting XSS vulnerability in Invensys Wonderware Information Server WIS 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-0684
SQL injection vulnerability in Invensys Wonderware Information Server WIS 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2013-0685
Invensys Wonderware Information Server WIS 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal does not restrict unspecified size and amount values, which allows remote attackers to execute arbitrary code or cause a denial of service resource consumption via unknown vectors...