Lucene search
+L

116 matches found

cve
cve
added 2012/04/02 8:0 p.m.50 views

CVE-2012-0226

Invensys Wonderware Information Server 4.0 SP1 and 4.5 Portal/Client are affected by CVE-2012-0226, a SQL injection vulnerability that could allow a remote attacker to execute arbitrary SQL commands via unspecified vectors. The ICS-CERT advisory confirms multiple vulnerabilities in these products...

7.5CVSS8.6AI score0.01725EPSS
Exploits0References7Affected Software1
cve
cve
added 2012/04/02 8:0 p.m.57 views

CVE-2012-0258

The CVE-2012-0258 issue is a heap-based buffer overflow in the WWCabFile ActiveX Component used by Wonderware System Platform and related products (Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Informatio...

6.8CVSS8.3AI score0.03197EPSS
Exploits0References4Affected Software8
cvelist
cvelist
added 2012/04/02 8:0 p.m.22 views

CVE-2012-0228

Invensys Wonderware Information Server 4.0 SP1 and 4.5 does not properly implement client controls, which allows remote attackers to bypass intended access restrictions via unspecified vectors...

6.7AI score0.02188EPSS
Exploits0References6
cvelist
cvelist
added 2012/04/02 8:0 p.m.21 views

CVE-2012-0225

Cross-site scripting XSS vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.7AI score0.01522EPSS
Exploits0References7
cve
cve
added 2012/04/02 8:0 p.m.54 views

CVE-2012-0257

The CVE-2012-0257 issue is a heap-based buffer overflow in the WWCabFile ActiveX component used by Wonderware System Platform and several associated products (e.g., Wonderware Application Server 2012, Foxboro Control Software 3.1, InFusion CE/FE/SCADA 2.5, Wonderware Information Server 4.5, Arche...

6.8CVSS8.3AI score0.03197EPSS
Exploits0References4Affected Software8
ics
ics
added 2012/03/29 6:0 a.m.94 views

Invensys Wonderware InTouch 10 DLL Hijack

Overview ICS-CERT originally released Advisory ICSA-12-177-01P on the US-CERT Portal on July 05, 2012. This web page release was delayed to provide the vendor time to contact customers concerning this information. Independent researcher Carlos Mario Penagos Hollmann has identified an uncontrolled...

6.9CVSS6.8AI score0.00447EPSS
Exploits0References10
ics
ics
added 2012/03/23 6:0 a.m.53 views

Wonderware SuiteLink Unallocated Unicode String Vulnerability

Overview This Advisory is a follow-up to the original ICS-CERT Alert titled ICS-ALERT-12-136-01 Wonderware SuiteLink Unallocated Unicode String that was published May 15, 2012 on the ICS-CERT web page. Independent researcher Luigi Auriemma identified a maliciously crafted Unicode string...

5CVSS6.8AI score0.02153EPSS
Exploits0References10
nvd
nvd
added 2012/02/10 7:55 p.m.18 views

CVE-2011-4038

Cross-site scripting XSS vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...

4.3CVSS5.8AI score0.01397EPSS
Exploits0References4
nvd
nvd
added 2012/02/10 7:55 p.m.26 views

CVE-2011-4039

Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access violation."...

9.3CVSS7.6AI score0.04282EPSS
Exploits0References4
prion
prion
added 2012/02/10 7:55 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...

4.3CVSS6.2AI score0.01397EPSS
Exploits0References4Affected Software2
cvelist
cvelist
added 2012/02/10 7:0 p.m.22 views

CVE-2011-4039

Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access violation."...

7.6AI score0.04282EPSS
Exploits0References4
cvelist
cvelist
added 2012/02/10 7:0 p.m.28 views

CVE-2011-4038

Cross-site scripting XSS vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...

5.8AI score0.01397EPSS
Exploits0References4
cve
cve
added 2012/02/10 7:0 p.m.60 views

CVE-2011-4038

The CVE-2011-4038 issue is an XSS vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report prior to 4.0 and other products. The vulnerability arises from lack of proper validation of certain parameters, allowing remote attackers to inj...

4.3CVSS5.9AI score0.01397EPSS
Exploits0References4Affected Software2
cve
cve
added 2012/02/10 7:0 p.m.50 views

CVE-2011-4039

CVE-2011-4039 affects Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report prior to 4.0, with a write access violation that can execute arbitrary code. Exploitation requires user action (opening a specially crafted file) and is not fully remote; XS...

9.3CVSS7.8AI score0.04282EPSS
Exploits0References4Affected Software2
nvd
nvd
added 2012/01/08 12:55 a.m.16 views

CVE-2011-4870

Multiple buffer overflows in the 1 GUIControls, 2 BatchObjSrv, and 3 BatchSecCtrl ActiveX controls in Invensys Wonderware InBatch 9.0 and 9.0 SP1, and InBatch 8.1 SP1, 9.0 SP2, and 9.5 Server and Runtime Clients, allow remote attackers to execute arbitrary code via a long string in a property...

6.8CVSS7.6AI score0.02493EPSS
Exploits0References2
ics
ics
added 2011/08/31 6:0 a.m.62 views

Wonderware InBatch ActiveX Vulnerabilities

Overview ICS-CERT originally released advisory “ICSA-11-332-01P—Invensys Wonderware InBatch ActiveX Vulnerabilities” in the US-CERT secure portal on November 28, 2011. This web page release was delayed to allow users time to download and install the update. Researcher Kuang-Chun Hung of the...

6.8CVSS8.2AI score0.02493EPSS
Exploits0References10
prion
prion
added 2011/08/16 9:55 p.m.11 views

Buffer overflow

Buffer overflow in the InBatch BatchField ActiveX control for Invensys Wonderware InBatch 8.1 SP1, 9.0, and 9.0 SP1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors...

9.3CVSS8.4AI score0.04047EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2011/08/16 9:0 p.m.23 views

CVE-2011-3141

Buffer overflow in the InBatch BatchField ActiveX control for Invensys Wonderware InBatch 8.1 SP1, 9.0, and 9.0 SP1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors...

8AI score0.04047EPSS
Exploits0References4
prion
prion
added 2011/07/29 7:55 p.m.14 views

Stack overflow

Multiple stack-based buffer overflows in Invensys Wonderware Information Server 3.1, 4.0, and 4.0 SP1 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via two unspecified ActiveX controls...

9.3CVSS8.5AI score0.04564EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2011/07/29 7:0 p.m.14 views

CVE-2011-2962

Multiple stack-based buffer overflows in Invensys Wonderware Information Server 3.1, 4.0, and 4.0 SP1 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via two unspecified ActiveX controls...

8AI score0.04564EPSS
Exploits0References4
Rows per page
Query Builder