ID
VAR-E-200711-0386
CVE
cve_id: | CVE-2007-6033 | Trust: 0.3 |
TITLE
Invensys Wonderware InTouch Default Universal NetDDE Share Privilege Escalation Vulnerability
Trust: 0.3
DESCRIPTION
Invensys Wonderware InTouch is prone to a privilege-escalation vulnerability because of poor default permissions on a NetDDE share.
Attackers can exploit this issue to execute arbitrary applications that accept NetDDE connections. This can compromise the application and possibly the underlying computer.
InTouch 8.0 is vulnerable.
Trust: 0.3
AFFECTED PRODUCTS
vendor: | wonderware | model: | intouch | scope: | eq | version: | 8.0 | Trust: 0.3 |
EXPLOIT
To exploit this issue, an attacker can use readily available NetDDE utilities.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Design Error
Trust: 0.3
CREDITS
Neutralbit, with assistance from Digital Bond, discovered this issue.
Trust: 0.3
EXTERNAL IDS
db: | CERT/CC | id: | VU#138633 | Trust: 0.3 |
db: | NVD | id: | CVE-2007-6033 | Trust: 0.3 |
db: | BID | id: | 26496 | Trust: 0.3 |
REFERENCES
url: | http://pacwest.wonderware.com/web/news/newsdetails.aspx?newsthreadid=2&newsid=201804 | Trust: 0.3 |
url: | http://us.wonderware.com/ | Trust: 0.3 |
url: | http://www.kb.cert.org/vuls/id/138633 | Trust: 0.3 |
SOURCES
db: | BID | id: | 26496 |
LAST UPDATE DATE
2022-07-27T09:20:17.540000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 26496 | date: | 2007-12-18T20:06:00 |
SOURCES RELEASE DATE
db: | BID | id: | 26496 | date: | 2007-11-19T00:00:00 |