5 matches found
CVE-2012-2429
The server in xArrow before 3.4.1 performs an invalid read operation, which allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2012-2426
The server in xArrow before 3.4.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors...
CVE-2012-2427
Heap-based buffer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via packets that trigger an invalid free operation...
CVE-2012-2428
Integer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via a crafted packet that triggers an out-of-bounds read operation...
HMI/SCADA systems like xArrow are vulnerable because they can be run with unverified registry keys at application-level privileges. This allows attackers to bypass existing security restrictions and escalate their privileges.
The vulnerability of HMI/SCADA systems like xArrow stems from the ability to execute commands through unverified registry keys with application-level privileges. Exploiting this vulnerability allows attackers to bypass existing security restrictions and escalate their privileges...