Details of VAR-201108-0126

ID

VAR-201108-0126

CVE

CVE-2011-3141

TITLE

Invensys Wonderware inBatch BatchField ActiveX Control Buffer Overflow Vulnerability

Trust: 1.4

sources: IVD: b6665ac4-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5395 // CNNVD: CNNVD-201108-284

DESCRIPTION

Buffer overflow in the InBatch BatchField ActiveX control for Invensys Wonderware InBatch 8.1 SP1, 9.0, and 9.0 SP1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. Invensys Wonderware inBatch is an industrial batch management software. There are three security vulnerabilities in Invensys Wonderware inBatch that exist in the GUIControls, BatchObjSrv, and BatchSecCtrl controls. Submitting a long string value to the property/method referenced by the control, enticing the client user to resolve, can trigger a denial of service attack, and successfully exploiting the vulnerability can execute arbitrary code in the context of the logged in user. Wonderware InBatch is prone to a denial-of-service vulnerability. Invensys Wonderware inBatch is prone to a remote stack-based buffer-overflow vulnerability that affects the inBatch BatchField ActiveX control. Failed exploit attempts will result in a denial-of-service condition. Invensys Wonderware inBatch 8.1 and 9.0 SP1 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Secunia is hiring! http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Wonderware InBatch BatchField ActiveX Control Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA44336 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44336/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44336 RELEASE DATE: 2011-05-04 DISCUSS ADVISORY: http://secunia.com/advisories/44336/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44336/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44336 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Wonderware InBatch, which can be exploited by malicious people to compromise a user's system. Successful exploitation may allow execution of arbitrary code. SOLUTION: Apply updates. Contact the vendor for more information. PROVIDED AND/OR DISCOVERED BY: US-CERT credits Jeremy Brown. ORIGINAL ADVISORY: Wonderware: http://iom.invensys.com/EN/pdfLibrary/Final.Tech.Alert.141.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.78

sources: NVD: CVE-2011-3141 // JVNDB: JVNDB-2011-003493 // CNVD: CNVD-2011-1472 // CNVD: CNVD-2011-5395 // BID: 78442 // BID: 47385 // IVD: b6665ac4-2354-11e6-abef-000c29c66e3d // IVD: 4a2b4532-1f98-11e6-abef-000c29c66e3d // VULHUB: VHN-51086 // PACKETSTORM: 101097

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.6

sources: IVD: b6665ac4-2354-11e6-abef-000c29c66e3d // IVD: 4a2b4532-1f98-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1472 // CNVD: CNVD-2011-5395

AFFECTED PRODUCTS

vendor:	invensys	model:	wonderware inbatch	scope:	eq	version:	9.0	Trust: 4.2
vendor:	invensys	model:	wonderware inbatch	scope:	eq	version:	8.1	Trust: 3.3
vendor:	invensys	model:	wonderware inbatch sp1	scope:	eq	version:	9.0	Trust: 1.8
vendor:	invensys	model:	wonderware inbatch sp1	scope:	eq	version:	8.1	Trust: 1.2
vendor:	invensys	model:	wonderware inbatch	scope:	eq	version:	8.1 sp1	Trust: 0.8
vendor:	invensys	model:	wonderware inbatch	scope:	eq	version:	9.0 sp1	Trust: 0.8
vendor:	invensys	model:	wonderware inbatch sp2	scope:	eq	version:	9.0	Trust: 0.6
vendor:	invensys	model:	wonderware inbatch	scope:	eq	version:	9.5	Trust: 0.6
vendor:	wonderware inbatch	model:	-	scope:	eq	version:	9.0	Trust: 0.4
vendor:	wonderware inbatch	model:	-	scope:	eq	version:	8.1	Trust: 0.2
vendor:	invensys	model:	wonderware inbatch sp1	scope:	eq	version:	8.1*	Trust: 0.2
vendor:	invensys	model:	wonderware inbatch sp1	scope:	eq	version:	9.0*	Trust: 0.2
vendor:	invensys	model:	wonderware inbatch	scope:	eq	version:	9.0*	Trust: 0.2

sources: IVD: b6665ac4-2354-11e6-abef-000c29c66e3d // IVD: 4a2b4532-1f98-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1472 // CNVD: CNVD-2011-5395 // BID: 78442 // BID: 47385 // JVNDB: JVNDB-2011-003493 // CNNVD: CNNVD-201108-284 // NVD: CVE-2011-3141

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-3141
value:	HIGH
Trust: 1.0
NVD:	CVE-2011-3141
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201108-284
value:	CRITICAL
Trust: 0.6
IVD:	b6665ac4-2354-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
IVD:	4a2b4532-1f98-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
VULHUB:	VHN-51086
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2011-3141
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	b6665ac4-2354-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	4a2b4532-1f98-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.0
vectorString:	AV:N/AC:M/AU:S/C:P/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0 [IVD]
Trust: 0.2
VULHUB:	VHN-51086
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: b6665ac4-2354-11e6-abef-000c29c66e3d // IVD: 4a2b4532-1f98-11e6-abef-000c29c66e3d // VULHUB: VHN-51086 // JVNDB: JVNDB-2011-003493 // CNNVD: CNNVD-201108-284 // NVD: CVE-2011-3141

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-51086 // JVNDB: JVNDB-2011-003493 // NVD: CVE-2011-3141

THREAT TYPE

network

Trust: 0.6

sources: BID: 78442 // BID: 47385

TYPE

Buffer overflow

Trust: 1.0

sources: IVD: b6665ac4-2354-11e6-abef-000c29c66e3d // IVD: 4a2b4532-1f98-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201108-284

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003493

PATCH

title:	Tech Alert 141	url:	http://iom.invensys.com/EN/pdfLibrary/Final.Tech.Alert.141.pdf	Trust: 0.8
title:	ハードウェア・パートナー	url:	http://iom.invensys.com/JP/Pages/IOM_HardwarePartners.aspx	Trust: 0.8
title:	ソフトウェア・パートナー	url:	http://iom.invensys.com/JP/Pages/IOM_SoftwarePartners.aspx	Trust: 0.8
title:	Top Page	url:	http://iom.invensys.com/JP/Pages/home.aspx	Trust: 0.8
title:	Invensys Wonderware inBatch BatchField ActiveX Control Stack Buffer Overflow Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/3552	Trust: 0.6
title:	Invensys Wonderware inBatch BatchField ActiveX Control Buffer Overflow Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/6425	Trust: 0.6

sources: CNVD: CNVD-2011-1472 // CNVD: CNVD-2011-5395 // JVNDB: JVNDB-2011-003493

EXTERNAL IDS

db:	ICS CERT	id:	ICSA-11-094-01	Trust: 3.7
db:	NVD	id:	CVE-2011-3141	Trust: 3.6
db:	SECUNIA	id:	44336	Trust: 1.8
db:	OSVDB	id:	72182	Trust: 1.7
db:	CNNVD	id:	CNNVD-201108-284	Trust: 0.9
db:	BID	id:	47385	Trust: 0.9
db:	CNVD	id:	CNVD-2011-5395	Trust: 0.8
db:	CNVD	id:	CNVD-2011-1472	Trust: 0.8
db:	JVNDB	id:	JVNDB-2011-003493	Trust: 0.8
db:	ICS CERT	id:	ICSA-11-332-01	Trust: 0.6
db:	BID	id:	78442	Trust: 0.4
db:	IVD	id:	B6665AC4-2354-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	4A2B4532-1F98-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-51086	Trust: 0.1
db:	PACKETSTORM	id:	101097	Trust: 0.1

sources: IVD: b6665ac4-2354-11e6-abef-000c29c66e3d // IVD: 4a2b4532-1f98-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1472 // CNVD: CNVD-2011-5395 // VULHUB: VHN-51086 // BID: 78442 // BID: 47385 // JVNDB: JVNDB-2011-003493 // PACKETSTORM: 101097 // CNNVD: CNNVD-201108-284 // NVD: CVE-2011-3141

REFERENCES

url:	http://www.us-cert.gov/control_systems/pdf/icsa-11-094-01.pdf	Trust: 3.1
url:	http://iom.invensys.com/en/pdflibrary/final.tech.alert.141.pdf	Trust: 2.4
url:	http://www.osvdb.org/72182	Trust: 1.7
url:	http://secunia.com/advisories/44336	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3141	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3141	Trust: 0.8
url:	http://www.us-cert.gov/control_systems/pdf/icsa-11-094-01.pdfhttp	Trust: 0.6
url:	http://www.us-cert.gov/control_systems/pdf/icsa-11-332-01.pdf	Trust: 0.6
url:	http://global.wonderware.com/en/pages/default.aspx	Trust: 0.3
url:	http://secunia.com/advisories/44336/#comments	Trust: 0.1
url:	http://secunia.com/products/corporate/evm/	Trust: 0.1
url:	http://secunia.com/company/jobs/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=44336	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/advisories/44336/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2011-1472 // CNVD: CNVD-2011-5395 // VULHUB: VHN-51086 // BID: 78442 // BID: 47385 // JVNDB: JVNDB-2011-003493 // PACKETSTORM: 101097 // CNNVD: CNNVD-201108-284 // NVD: CVE-2011-3141

CREDITS

Unknown

Trust: 0.3

sources: BID: 78442

SOURCES

db:	IVD	id:	b6665ac4-2354-11e6-abef-000c29c66e3d
db:	IVD	id:	4a2b4532-1f98-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2011-1472
db:	CNVD	id:	CNVD-2011-5395
db:	VULHUB	id:	VHN-51086
db:	BID	id:	78442
db:	BID	id:	47385
db:	JVNDB	id:	JVNDB-2011-003493
db:	PACKETSTORM	id:	101097
db:	CNNVD	id:	CNNVD-201108-284
db:	NVD	id:	CVE-2011-3141

LAST UPDATE DATE

2025-04-11T22:59:23.762000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-1472	date:	2011-04-18T00:00:00
db:	CNVD	id:	CNVD-2011-5395	date:	2011-12-22T00:00:00
db:	VULHUB	id:	VHN-51086	date:	2012-03-16T00:00:00
db:	BID	id:	78442	date:	2011-08-16T00:00:00
db:	BID	id:	47385	date:	2011-04-15T00:00:00
db:	JVNDB	id:	JVNDB-2011-003493	date:	2012-02-03T00:00:00
db:	CNNVD	id:	CNNVD-201108-284	date:	2011-08-17T00:00:00
db:	NVD	id:	CVE-2011-3141	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	IVD	id:	b6665ac4-2354-11e6-abef-000c29c66e3d	date:	2011-12-22T00:00:00
db:	IVD	id:	4a2b4532-1f98-11e6-abef-000c29c66e3d	date:	2011-04-18T00:00:00
db:	CNVD	id:	CNVD-2011-1472	date:	2011-04-18T00:00:00
db:	CNVD	id:	CNVD-2011-5395	date:	2011-12-22T00:00:00
db:	VULHUB	id:	VHN-51086	date:	2011-08-16T00:00:00
db:	BID	id:	78442	date:	2011-08-16T00:00:00
db:	BID	id:	47385	date:	2011-04-15T00:00:00
db:	JVNDB	id:	JVNDB-2011-003493	date:	2011-12-22T00:00:00
db:	PACKETSTORM	id:	101097	date:	2011-05-04T07:07:11
db:	CNNVD	id:	CNNVD-201108-284	date:	2011-08-17T00:00:00
db:	NVD	id:	CVE-2011-3141	date:	2011-08-16T21:55:01.083