Details of VAR-201107-0262

ID

VAR-201107-0262

CVE

CVE-2011-2962

TITLE

Invensys Wonderware Info Server ActiveX Control Unknown Remote Code Execution Vulnerability

Trust: 0.8

sources: IVD: c2676200-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3019

DESCRIPTION

Multiple stack-based buffer overflows in Invensys Wonderware Information Server 3.1, 4.0, and 4.0 SP1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via two unspecified ActiveX controls. Invensys Wonderware Information Server is a key component of Wonderware's enterprise manufacturing intelligence solution. Invensys Wonderware Information Server is a graphical visualization, reporting and analysis of real-time network-based plant operations data that helps drive productivity across the enterprise. An attacker could build a malicious file or WEB page to trick the user into parsing to trigger this vulnerability. Invensys Wonderware Info Server is prone to a multiple unspecified remote code-esecution vulnerabilities in an unspecified ActiveX control. Failed exploit attempts will result in a denial-of-service condition. Invensys Wonderware Info Server versions 3.1, 4.0, and 4.0 SP1 are vulnerable. ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Wonderware Information Server Unspecified ActiveX Controls Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA45476 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45476/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45476 RELEASE DATE: 2011-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/45476/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45476/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45476 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Wonderware Information Server, which can be exploited by malicious people to compromise a user's system. Successful exploitation may allow execution of arbitrary code. SOLUTION: Reportedly a patch has been released. Contact the vendor for further information. PROVIDED AND/OR DISCOVERED BY: Billy Rios and Terry McCorkle via ICS-CERT. ORIGINAL ADVISORY: ICS-CERT (ICSA-11-195-01): http://www.us-cert.gov/control_systems/pdf/ICSA-11-195-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.51

sources: NVD: CVE-2011-2962 // JVNDB: JVNDB-2011-003491 // CNVD: CNVD-2011-2975 // CNVD: CNVD-2011-3019 // BID: 48976 // IVD: c2676200-2354-11e6-abef-000c29c66e3d // IVD: da232c00-1f8d-11e6-abef-000c29c66e3d // VULHUB: VHN-50907 // PACKETSTORM: 103718

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.6

sources: IVD: c2676200-2354-11e6-abef-000c29c66e3d // IVD: da232c00-1f8d-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-2975 // CNVD: CNVD-2011-3019

AFFECTED PRODUCTS

vendor:	invensys	model:	wonderware information server	scope:	eq	version:	4.0	Trust: 3.9
vendor:	invensys	model:	wonderware information server	scope:	eq	version:	3.1	Trust: 3.9
vendor:	invensys	model:	wonderware information server sp1	scope:	eq	version:	4.0	Trust: 0.9
vendor:	wonderware information server	model:	-	scope:	eq	version:	4.0	Trust: 0.8
vendor:	invensys	model:	wonderware information server	scope:	eq	version:	4.0 sp1	Trust: 0.8
vendor:	invensys	model:	wonderware information server 4.0:sp1	scope:	-	version:	-	Trust: 0.6
vendor:	wonderware information server	model:	-	scope:	eq	version:	3.1	Trust: 0.4

sources: IVD: c2676200-2354-11e6-abef-000c29c66e3d // IVD: da232c00-1f8d-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-2975 // CNVD: CNVD-2011-3019 // BID: 48976 // JVNDB: JVNDB-2011-003491 // CNNVD: CNNVD-201107-459 // NVD: CVE-2011-2962

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-2962
value:	HIGH
Trust: 1.0
NVD:	CVE-2011-2962
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201107-459
value:	CRITICAL
Trust: 0.6
IVD:	c2676200-2354-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
IVD:	da232c00-1f8d-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-50907
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2011-2962
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	c2676200-2354-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	da232c00-1f8d-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-50907
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: c2676200-2354-11e6-abef-000c29c66e3d // IVD: da232c00-1f8d-11e6-abef-000c29c66e3d // VULHUB: VHN-50907 // JVNDB: JVNDB-2011-003491 // CNNVD: CNNVD-201107-459 // NVD: CVE-2011-2962

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-50907 // JVNDB: JVNDB-2011-003491 // NVD: CVE-2011-2962

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201107-459

TYPE

Buffer overflow

Trust: 1.0

sources: IVD: c2676200-2354-11e6-abef-000c29c66e3d // IVD: da232c00-1f8d-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201107-459

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003491

PATCH

title:	Top Page	url:	http://global.wonderware.com/EN/Pages/default.aspx	Trust: 0.8
title:	ハードウェア・パートナー	url:	http://iom.invensys.com/JP/Pages/IOM_HardwarePartners.aspx	Trust: 0.8
title:	ソフトウェア・パートナー	url:	http://iom.invensys.com/JP/Pages/IOM_SoftwarePartners.aspx	Trust: 0.8
title:	Top Page	url:	http://iom.invensys.com/JP/Pages/home.aspx	Trust: 0.8
title:	Patch for Invensys Wonderware Information Server Stack Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/4605	Trust: 0.6
title:	Patch for Invensys Wonderware Info Server ActiveX Control Unknown Remote Code Execution Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/4610	Trust: 0.6

sources: CNVD: CNVD-2011-2975 // CNVD: CNVD-2011-3019 // JVNDB: JVNDB-2011-003491

EXTERNAL IDS

db:	NVD	id:	CVE-2011-2962	Trust: 4.4
db:	ICS CERT	id:	ICSA-11-195-01	Trust: 3.5
db:	BID	id:	48976	Trust: 2.0
db:	SECUNIA	id:	45476	Trust: 1.3
db:	CNNVD	id:	CNNVD-201107-459	Trust: 1.1
db:	CNVD	id:	CNVD-2011-3019	Trust: 0.8
db:	CNVD	id:	CNVD-2011-2975	Trust: 0.8
db:	JVNDB	id:	JVNDB-2011-003491	Trust: 0.8
db:	NSFOCUS	id:	17447	Trust: 0.6
db:	IVD	id:	C2676200-2354-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	DA232C00-1F8D-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-50907	Trust: 0.1
db:	PACKETSTORM	id:	103718	Trust: 0.1

sources: IVD: c2676200-2354-11e6-abef-000c29c66e3d // IVD: da232c00-1f8d-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-2975 // CNVD: CNVD-2011-3019 // VULHUB: VHN-50907 // BID: 48976 // JVNDB: JVNDB-2011-003491 // PACKETSTORM: 103718 // CNNVD: CNNVD-201107-459 // NVD: CVE-2011-2962

REFERENCES

url:	http://www.us-cert.gov/control_systems/pdf/icsa-11-195-01.pdf	Trust: 3.5
url:	http://www.securityfocus.com/bid/48976	Trust: 1.1
url:	http://secunia.com/advisories/45476	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/68988	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2962	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2962	Trust: 0.8
url:	http://www.securityfocus.com/bid/48976/info	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/17447	Trust: 0.6
url:	http://global.wonderware.com/en/pages/default.aspx	Trust: 0.3
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/blog/242	Trust: 0.1
url:	http://secunia.com/advisories/45476/#comments	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/45476/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=45476	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2011-2975 // CNVD: CNVD-2011-3019 // VULHUB: VHN-50907 // BID: 48976 // JVNDB: JVNDB-2011-003491 // PACKETSTORM: 103718 // CNNVD: CNNVD-201107-459 // NVD: CVE-2011-2962

CREDITS

Reported by the vendor

Trust: 0.3

sources: BID: 48976

SOURCES

db:	IVD	id:	c2676200-2354-11e6-abef-000c29c66e3d
db:	IVD	id:	da232c00-1f8d-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2011-2975
db:	CNVD	id:	CNVD-2011-3019
db:	VULHUB	id:	VHN-50907
db:	BID	id:	48976
db:	JVNDB	id:	JVNDB-2011-003491
db:	PACKETSTORM	id:	103718
db:	CNNVD	id:	CNNVD-201107-459
db:	NVD	id:	CVE-2011-2962

LAST UPDATE DATE

2025-04-11T23:02:05.745000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-2975	date:	2011-08-03T00:00:00
db:	CNVD	id:	CNVD-2011-3019	date:	2011-08-04T00:00:00
db:	VULHUB	id:	VHN-50907	date:	2017-08-29T00:00:00
db:	BID	id:	48976	date:	2011-08-03T00:00:00
db:	JVNDB	id:	JVNDB-2011-003491	date:	2012-02-03T00:00:00
db:	CNNVD	id:	CNNVD-201107-459	date:	2011-08-01T00:00:00
db:	NVD	id:	CVE-2011-2962	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	IVD	id:	c2676200-2354-11e6-abef-000c29c66e3d	date:	2011-08-04T00:00:00
db:	IVD	id:	da232c00-1f8d-11e6-abef-000c29c66e3d	date:	2011-08-03T00:00:00
db:	CNVD	id:	CNVD-2011-2975	date:	2011-08-03T00:00:00
db:	CNVD	id:	CNVD-2011-3019	date:	2011-08-04T00:00:00
db:	VULHUB	id:	VHN-50907	date:	2011-07-29T00:00:00
db:	BID	id:	48976	date:	2011-08-03T00:00:00
db:	JVNDB	id:	JVNDB-2011-003491	date:	2011-12-22T00:00:00
db:	PACKETSTORM	id:	103718	date:	2011-08-04T02:56:21
db:	CNNVD	id:	CNNVD-201107-459	date:	2011-07-29T00:00:00
db:	NVD	id:	CVE-2011-2962	date:	2011-07-29T19:55:04.140