Details of VAR-201204-0163

ID

VAR-201204-0163

CVE

CVE-2012-0257

TITLE

plural Invensys Heap-based buffer overflow vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2012-001987

DESCRIPTION

Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Information Server 4.5 and earlier, ArchestrA Application Object Toolkit 3.2 and earlier, and InTouch 10.0 through 10.5 might allow remote attackers to execute arbitrary code via a long string to the Open member, leading to a function-pointer overwrite. Invensys is a leading provider of automation and information technology, systems, software solutions, services and consulting for the manufacturing and infrastructure industries. Invensys WWCabFile AciveX component has a heap-based buffer overflow. Multiple Invensys products are prone to multiple heap-based buffer-overflow vulnerabilities. Attackers may exploit these issues to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions. ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Invensys Products ActiveX Control Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA48675 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48675/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48675 RELEASE DATE: 2012-04-02 DISCUSS ADVISORY: http://secunia.com/advisories/48675/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48675/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48675 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Invensys products, which can be exploited by malicious people to compromise a user's system. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. * Invensys Wonderware InTouch versions 10.0 through 10.5. SOLUTION: Install patch. Please see the vendor's advisory for more information. PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Celil Unuver, SignalSec Corporation. ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-081-01.pdf Wonderware (requires login): https://wdnresource.wonderware.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000071.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2012-0257 // JVNDB: JVNDB-2012-001987 // CNVD: CNVD-2012-1690 // BID: 52835 // IVD: f9b5871a-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-53538 // PACKETSTORM: 111462

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: f9b5871a-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-1690

AFFECTED PRODUCTS

vendor:	invensys	model:	intouch	scope:	eq	version:	10.0	Trust: 2.5
vendor:	invensys	model:	intouch	scope:	eq	version:	10.5	Trust: 2.5
vendor:	invensys	model:	archestra application object toolkit	scope:	lte	version:	3.2	Trust: 1.8
vendor:	invensys	model:	foxboro control software	scope:	lte	version:	3.1	Trust: 1.8
vendor:	invensys	model:	infusion control edition	scope:	lte	version:	2.5	Trust: 1.8
vendor:	invensys	model:	infusion foundation edition	scope:	lte	version:	2.5	Trust: 1.8
vendor:	invensys	model:	infusion scada	scope:	lte	version:	2.5	Trust: 1.8
vendor:	invensys	model:	wonderware application server	scope:	lte	version:	2012	Trust: 1.8
vendor:	invensys	model:	wonderware information server	scope:	lte	version:	4.5	Trust: 1.8
vendor:	invensys	model:	wonderware information server	scope:	eq	version:	4.0	Trust: 1.6
vendor:	invensys	model:	wonderware information server	scope:	eq	version:	4.5	Trust: 1.5
vendor:	invensys	model:	foxboro control software	scope:	eq	version:	3.1	Trust: 1.5
vendor:	invensys	model:	archestra application object toolkit	scope:	eq	version:	3.2	Trust: 1.5
vendor:	invensys	model:	wonderware information server	scope:	eq	version:	3.1	Trust: 1.0
vendor:	invensys	model:	wonderware application server	scope:	eq	version:	20120	Trust: 0.9
vendor:	invensys	model:	infusion ce/fe/scada	scope:	eq	version:	2.5	Trust: 0.9
vendor:	invensys	model:	intouch	scope:	eq	version:	10.0 to 10.5	Trust: 0.8
vendor:	invensys	model:	wonderware application server	scope:	eq	version:	2012	Trust: 0.6
vendor:	invensys	model:	infusion control edition	scope:	eq	version:	2.5	Trust: 0.6
vendor:	invensys	model:	infusion scada	scope:	eq	version:	2.5	Trust: 0.6
vendor:	invensys	model:	infusion foundation edition	scope:	eq	version:	2.5	Trust: 0.6
vendor:	wonderware information server	model:	-	scope:	eq	version:	4.0	Trust: 0.4
vendor:	archestra application object toolkit	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	foxboro control	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	infusion control edition	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	infusion edition	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	infusion scada	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	intouch	model:	-	scope:	eq	version:	10.0	Trust: 0.2
vendor:	intouch	model:	-	scope:	eq	version:	10.5	Trust: 0.2
vendor:	wonderware application server	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	wonderware information server	model:	-	scope:	eq	version:	3.1	Trust: 0.2
vendor:	wonderware information server	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: f9b5871a-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-1690 // BID: 52835 // JVNDB: JVNDB-2012-001987 // CNNVD: CNNVD-201203-596 // NVD: CVE-2012-0257

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-0257
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-0257
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201203-596
value:	MEDIUM
Trust: 0.6
IVD:	f9b5871a-2353-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-53538
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-0257
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	f9b5871a-2353-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-53538
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: f9b5871a-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-53538 // JVNDB: JVNDB-2012-001987 // CNNVD: CNNVD-201203-596 // NVD: CVE-2012-0257

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-53538 // JVNDB: JVNDB-2012-001987 // NVD: CVE-2012-0257

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201203-596

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: f9b5871a-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201203-596

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001987

PATCH

title:	Top Page	url:	http://global.wonderware.com/EN/Pages/default.aspx	Trust: 0.8
title:	ハードウェア・パートナー	url:	http://iom.invensys.com/JP/Pages/IOM_HardwarePartners.aspx	Trust: 0.8
title:	ソフトウェア・パートナー	url:	http://iom.invensys.com/JP/Pages/IOM_SoftwarePartners.aspx	Trust: 0.8
title:	Wonderware 日本のパートナー	url:	http://global.wonderware.com/JP/Pages/JpPartnersSI.aspx	Trust: 0.8
title:	Wonderware Top Page	url:	http://iom.invensys.com/JP/Pages/home.aspx	Trust: 0.8
title:	Patch for Multiple Invensys Products Remote Heap Buffer Overflow Vulnerability (CNVD-2012-1690)	url:	https://www.cnvd.org.cn/patchInfo/show/15178	Trust: 0.6

sources: CNVD: CNVD-2012-1690 // JVNDB: JVNDB-2012-001987

EXTERNAL IDS

db:	NVD	id:	CVE-2012-0257	Trust: 3.6
db:	ICS CERT	id:	ICSA-12-081-01	Trust: 3.5
db:	SECUNIA	id:	48675	Trust: 1.9
db:	OSVDB	id:	80891	Trust: 1.1
db:	CNNVD	id:	CNNVD-201203-596	Trust: 0.9
db:	BID	id:	52835	Trust: 0.9
db:	CNVD	id:	CNVD-2012-1690	Trust: 0.8
db:	JVNDB	id:	JVNDB-2012-001987	Trust: 0.8
db:	IVD	id:	F9B5871A-2353-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-53538	Trust: 0.1
db:	PACKETSTORM	id:	111462	Trust: 0.1

sources: IVD: f9b5871a-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-1690 // VULHUB: VHN-53538 // BID: 52835 // JVNDB: JVNDB-2012-001987 // PACKETSTORM: 111462 // CNNVD: CNNVD-201203-596 // NVD: CVE-2012-0257

REFERENCES

url:	http://www.us-cert.gov/control_systems/pdf/icsa-12-081-01.pdf	Trust: 3.5
url:	https://wdnresource.wonderware.com/support/docs/_securitybulletins/security_bulletin_lfsec00000071.pdf	Trust: 1.8
url:	http://secunia.com/advisories/48675	Trust: 1.7
url:	http://osvdb.org/80891	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0257	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0257	Trust: 0.8
url:	http://www.securityfocus.com/bid/52835	Trust: 0.6
url:	http://global.wonderware.com/en/pages/default.aspx	Trust: 0.3
url:	http://secunia.com/advisories/48675/	Trust: 0.1
url:	http://secunia.com/psi_30_beta_launch	Trust: 0.1
url:	http://secunia.com/advisories/48675/#comments	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=48675	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2012-1690 // VULHUB: VHN-53538 // BID: 52835 // JVNDB: JVNDB-2012-001987 // PACKETSTORM: 111462 // CNNVD: CNNVD-201203-596 // NVD: CVE-2012-0257

CREDITS

Celil Unuver of SignalSec Corporation

Trust: 0.9

sources: BID: 52835 // CNNVD: CNNVD-201203-596

SOURCES

db:	IVD	id:	f9b5871a-2353-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2012-1690
db:	VULHUB	id:	VHN-53538
db:	BID	id:	52835
db:	JVNDB	id:	JVNDB-2012-001987
db:	PACKETSTORM	id:	111462
db:	CNNVD	id:	CNNVD-201203-596
db:	NVD	id:	CVE-2012-0257

LAST UPDATE DATE

2025-04-11T23:07:25.482000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-1690	date:	2012-04-01T00:00:00
db:	VULHUB	id:	VHN-53538	date:	2013-03-26T00:00:00
db:	BID	id:	52835	date:	2012-03-30T00:00:00
db:	JVNDB	id:	JVNDB-2012-001987	date:	2012-04-04T00:00:00
db:	CNNVD	id:	CNNVD-201203-596	date:	2012-04-01T00:00:00
db:	NVD	id:	CVE-2012-0257	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	IVD	id:	f9b5871a-2353-11e6-abef-000c29c66e3d	date:	2012-04-01T00:00:00
db:	CNVD	id:	CNVD-2012-1690	date:	2012-04-01T00:00:00
db:	VULHUB	id:	VHN-53538	date:	2012-04-02T00:00:00
db:	BID	id:	52835	date:	2012-03-30T00:00:00
db:	JVNDB	id:	JVNDB-2012-001987	date:	2012-04-04T00:00:00
db:	PACKETSTORM	id:	111462	date:	2012-04-02T05:26:16
db:	CNNVD	id:	CNNVD-201203-596	date:	2012-03-30T00:00:00
db:	NVD	id:	CVE-2012-0257	date:	2012-04-02T20:55:02.187