116 matches found
CVE-2012-0226
Invensys Wonderware Information Server 4.0 SP1 and 4.5 Portal/Client are affected by CVE-2012-0226, a SQL injection vulnerability that could allow a remote attacker to execute arbitrary SQL commands via unspecified vectors. The ICS-CERT advisory confirms multiple vulnerabilities in these products...
CVE-2012-0258
The CVE-2012-0258 issue is a heap-based buffer overflow in the WWCabFile ActiveX Component used by Wonderware System Platform and related products (Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Informatio...
CVE-2012-0228
Invensys Wonderware Information Server 4.0 SP1 and 4.5 does not properly implement client controls, which allows remote attackers to bypass intended access restrictions via unspecified vectors...
CVE-2012-0225
Cross-site scripting XSS vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-0257
The CVE-2012-0257 issue is a heap-based buffer overflow in the WWCabFile ActiveX component used by Wonderware System Platform and several associated products (e.g., Wonderware Application Server 2012, Foxboro Control Software 3.1, InFusion CE/FE/SCADA 2.5, Wonderware Information Server 4.5, Arche...
Invensys Wonderware InTouch 10 DLL Hijack
Overview ICS-CERT originally released Advisory ICSA-12-177-01P on the US-CERT Portal on July 05, 2012. This web page release was delayed to provide the vendor time to contact customers concerning this information. Independent researcher Carlos Mario Penagos Hollmann has identified an uncontrolled...
Wonderware SuiteLink Unallocated Unicode String Vulnerability
Overview This Advisory is a follow-up to the original ICS-CERT Alert titled ICS-ALERT-12-136-01 Wonderware SuiteLink Unallocated Unicode String that was published May 15, 2012 on the ICS-CERT web page. Independent researcher Luigi Auriemma identified a maliciously crafted Unicode string...
CVE-2011-4038
Cross-site scripting XSS vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...
CVE-2011-4039
Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access violation."...
Cross site scripting
Cross-site scripting XSS vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...
CVE-2011-4039
Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access violation."...
CVE-2011-4038
Cross-site scripting XSS vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...
CVE-2011-4038
The CVE-2011-4038 issue is an XSS vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report prior to 4.0 and other products. The vulnerability arises from lack of proper validation of certain parameters, allowing remote attackers to inj...
CVE-2011-4039
CVE-2011-4039 affects Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report prior to 4.0, with a write access violation that can execute arbitrary code. Exploitation requires user action (opening a specially crafted file) and is not fully remote; XS...
CVE-2011-4870
Multiple buffer overflows in the 1 GUIControls, 2 BatchObjSrv, and 3 BatchSecCtrl ActiveX controls in Invensys Wonderware InBatch 9.0 and 9.0 SP1, and InBatch 8.1 SP1, 9.0 SP2, and 9.5 Server and Runtime Clients, allow remote attackers to execute arbitrary code via a long string in a property...
Wonderware InBatch ActiveX Vulnerabilities
Overview ICS-CERT originally released advisory “ICSA-11-332-01P—Invensys Wonderware InBatch ActiveX Vulnerabilities” in the US-CERT secure portal on November 28, 2011. This web page release was delayed to allow users time to download and install the update. Researcher Kuang-Chun Hung of the...
Buffer overflow
Buffer overflow in the InBatch BatchField ActiveX control for Invensys Wonderware InBatch 8.1 SP1, 9.0, and 9.0 SP1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors...
CVE-2011-3141
Buffer overflow in the InBatch BatchField ActiveX control for Invensys Wonderware InBatch 8.1 SP1, 9.0, and 9.0 SP1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors...
Stack overflow
Multiple stack-based buffer overflows in Invensys Wonderware Information Server 3.1, 4.0, and 4.0 SP1 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via two unspecified ActiveX controls...
CVE-2011-2962
Multiple stack-based buffer overflows in Invensys Wonderware Information Server 3.1, 4.0, and 4.0 SP1 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via two unspecified ActiveX controls...