ID

VAR-200711-0210


CVE

CVE-2007-6033


TITLE

Invensys Wonderware InTouch creates insecure NetDDE share

Trust: 0.8

sources: CERT/CC: VU#138633

DESCRIPTION

Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs. Invensys Wonderware InTouch is prone to a privilege-escalation vulnerability because of poor default permissions on a NetDDE share. Attackers can exploit this issue to execute arbitrary applications that accept NetDDE connections. This can compromise the application and possibly the underlying computer. InTouch 8.0 is vulnerable.

----------------------------------------------------------------------

TITLE: Invensys Wonderware InTouch Insecure NetDDE Share Permissions Security Issue

SECUNIA ADVISORY ID: SA27751

VERIFY ADVISORY: http://secunia.com/advisories/27751/

CRITICAL: Less critical

IMPACT: System access

WHERE: From local network

SOFTWARE: Invensys Wonderware InTouch 8.x http://secunia.com/product/16628/

DESCRIPTION: A security issue has been reported in Invensys Wonderware InTouch, which potentially can be exploited by malicious users to compromise a vulnerable system. The security issue is reported in version 8.0.

SOLUTION: Apply updates or upgrade to version 9.0 or later (see vendor's advisory for details).

PROVIDED AND/OR DISCOVERED BY: Discovered by Neutralbit and reported via US-CERT with assistance from Digital Bond.

ORIGINAL ADVISORY:
Wonderware: http://pacwest.wonderware.com/web/News/NewsDetails.aspx?NewsThreadID=2&NewsID=201804
US-CERT VU#138633: http://www.kb.cert.org/vuls/id/138633

Trust: 2.97

sources: NVD: CVE-2007-6033 // CERT/CC: VU#138633 // JVNDB: JVNDB-2007-006343 // BID: 26496 // IVD: 2424b4dc-2352-11e6-abef-000c29c66e3d // VULMON: CVE-2007-6033 // PACKETSTORM: 61250

IOT TAXONOMY

category: ['ICS'] sub_category: -

Trust: 0.2

sources: IVD: 2424b4dc-2352-11e6-abef-000c29c66e3d

AFFECTED PRODUCTS

vendor: wonderware model: intouch scope: eq version: 8.0

Trust: 2.7

vendor: invensys model: - scope: - version: -

Trust: 0.8

vendor: takebishi model: - scope: - version: -

Trust: 0.8

vendor: wonderware model: intouch scope: eq version: -

Trust: 0.8

vendor: intouch model: - scope: eq version: 8.0

Trust: 0.2

sources: IVD: 2424b4dc-2352-11e6-abef-000c29c66e3d // CERT/CC: VU#138633 // BID: 26496 // JVNDB: JVNDB-2007-006343 // CNNVD: CNNVD-200711-272 // NVD: CVE-2007-6033

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2007-6033
value: HIGH

Trust: 1.8

CARNEGIE MELLON: VU#138633
value: 0.57

Trust: 0.8

CNNVD: CNNVD-200711-272
value: CRITICAL

Trust: 0.6

IVD: 2424b4dc-2352-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULMON: CVE-2007-6033
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: TRUE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2007-6033
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

IVD: 2424b4dc-2352-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

NVD:
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2007-6033
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 2424b4dc-2352-11e6-abef-000c29c66e3d // CERT/CC: VU#138633 // VULMON: CVE-2007-6033 // JVNDB: JVNDB-2007-006343 // CNNVD: CNNVD-200711-272 // NVD: CVE-2007-6033

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.0

problemtype:Improper permission assignment for critical resources (CWE-732) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2007-006343 // NVD: CVE-2007-6033

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200711-272

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200711-272

CONFIGURATIONS

sources: NVD: CVE-2007-6033

PATCH

title: Top Page url: http://global.wonderware.com/

Trust: 0.8

sources: JVNDB: JVNDB-2007-006343

EXTERNAL IDS

db: NVD id: CVE-2007-6033

Trust: 3.8

db: CERT/CC id: VU#138633

Trust: 3.7

db: SECUNIA id: 27751

Trust: 2.7

db: BID id: 26496

Trust: 2.0

db: OSVDB id: 42398

Trust: 1.7

db: CNNVD id: CNNVD-200711-272

Trust: 0.8

db: JVNDB id: JVNDB-2007-006343

Trust: 0.8

db: IVD id: 2424B4DC-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULMON id: CVE-2007-6033

Trust: 0.1

db: PACKETSTORM id: 61250

Trust: 0.1

sources: IVD: 2424b4dc-2352-11e6-abef-000c29c66e3d // CERT/CC: VU#138633 // VULMON: CVE-2007-6033 // BID: 26496 // JVNDB: JVNDB-2007-006343 // PACKETSTORM: 61250 // CNNVD: CNNVD-200711-272 // NVD: CVE-2007-6033

REFERENCES

url:http://www.kb.cert.org/vuls/id/138633

Trust: 3.0

url:http://pacwest.wonderware.com/web/news/newsdetails.aspx?newsthreadid=2&newsid=201804

Trust: 2.9

url:http://www.digitalbond.com/index.php/2007/11/19/wonderware-intouch-80-netdde-vulnerability-s4-preview/

Trust: 2.5

url:http://www.securityfocus.com/bid/26496

Trust: 1.8

url:http://secunia.com/advisories/27751

Trust: 1.7

url:http://osvdb.org/42398

Trust: 1.7

url:http://secunia.com/advisories/27751/

Trust: 0.9

url:http://us.wonderware.com/aboutus/whoweare/contactus.htm

Trust: 0.8

url:http://blogs.msdn.com/nickkramer/archive/2006/04/18/577962.aspx

Trust: 0.8

url:http://msdn2.microsoft.com/en-us/library/ms648711.aspx

Trust: 0.8

url:http://support.microsoft.com/default.aspx?scid=kb;en-us;125703

Trust: 0.8

url:http://lists.immunitysec.com/pipermail/dailydave/2004-october/001014.html

Trust: 0.8

url:http://www.digitalbond.com/index.php/2008/01/29/vulnerable-netdde-shares-lead-to-complete-system-compromise/

Trust: 0.8

url:http://www.digitalbond.com/wiki/index.php/invensys_wonderware_intouch_creates_insecure_netdde_share

Trust: 0.8

url:http://technet2.microsoft.com/windowsserver/en/library/2c82586e-bd58-42b7-9976-228a23721e351033.mspx

Trust: 0.8

url:http://support.microsoft.com/kb/278259

Trust: 0.8

url:http://support.microsoft.com/kb/243330

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6033

Trust: 0.8

url:http://us.wonderware.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/264.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/16628/

Trust: 0.1

url:http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: CERT/CC: VU#138633 // VULMON: CVE-2007-6033 // BID: 26496 // JVNDB: JVNDB-2007-006343 // PACKETSTORM: 61250 // CNNVD: CNNVD-200711-272 // NVD: CVE-2007-6033

CREDITS

Neutralbit, with assistance from Digital Bond, discovered this issue.

Trust: 0.9

sources: BID: 26496 // CNNVD: CNNVD-200711-272

SOURCES

db: IVD id: 2424b4dc-2352-11e6-abef-000c29c66e3d
db: CERT/CC id: VU#138633
db: VULMON id: CVE-2007-6033
db: BID id: 26496
db: JVNDB id: JVNDB-2007-006343
db: PACKETSTORM id: 61250
db: CNNVD id: CNNVD-200711-272
db: NVD id: CVE-2007-6033

LAST UPDATE DATE

2024-02-22T23:05:04.317000+00:00


SOURCES UPDATE DATE

db: CERT/CC id: VU#138633 date: 2008-02-26T00:00:00
db: VULMON id: CVE-2007-6033 date: 2008-11-15T00:00:00
db: BID id: 26496 date: 2007-12-18T20:06:00
db: JVNDB id: JVNDB-2007-006343 date: 2024-02-22T05:18:00
db: CNNVD id: CNNVD-200711-272 date: 2007-11-20T00:00:00
db: NVD id: CVE-2007-6033 date: 2024-01-25T21:37:04.507

SOURCES RELEASE DATE

db: IVD id: 2424b4dc-2352-11e6-abef-000c29c66e3d date: 2007-11-19T00:00:00
db: CERT/CC id: VU#138633 date: 2007-11-19T00:00:00
db: VULMON id: CVE-2007-6033 date: 2007-11-20T00:00:00
db: BID id: 26496 date: 2007-11-19T00:00:00
db: JVNDB id: JVNDB-2007-006343 date: 2012-12-20T00:00:00
db: PACKETSTORM id: 61250 date: 2007-11-27T03:39:45
db: CNNVD id: CNNVD-200711-272 date: 2007-11-19T00:00:00
db: NVD id: CVE-2007-6033 date: 2007-11-20T02:46:00