Sign-up

ID

VAR-201205-0142


CVE

CVE-2012-2426


TITLE

xArrow Denial of service vulnerability

Trust: 1.6

sources: IVD: 7d790d40-463f-11e9-8170-000c29342cb1 // IVD: ceee2aa0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-8764 // CNNVD: CNNVD-201205-496

DESCRIPTION

The server in xArrow before 3.4.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors. A vulnerability exists in the server in xArrow prior to 3.4.1, which was caused by incorrect memory allocation. xArrow is a lightweight but full-featured industrial configuration software for monitoring and controlling industrial systems. xArrow has multiple security vulnerabilities that allow an attacker to perform a denial of service attack. An attacker can send a malicious message, trigger an uncompressed NULL pointer, heap corruption, illegal read access, memory corruption, etc., which can cause the application to crash. xArrow is prone to multiple remote denial-of-service vulnerabilities. Successful exploits of these vulnerabilities will result in a denial-of-service condition. Due to nature of these issues, arbitrary code execution may also be possible. xArrow 3.2 and prior versions are vulnerable

Trust: 3.51

sources: NVD: CVE-2012-2426 // JVNDB: JVNDB-2012-002565 // CNVD: CNVD-2012-8764 // CNVD: CNVD-2012-1067 // BID: 52307 // IVD: 86467414-1f71-11e6-abef-000c29c66e3d // IVD: 7d790d40-463f-11e9-8170-000c29342cb1 // IVD: ceee2aa0-2353-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.8

sources: IVD: 86467414-1f71-11e6-abef-000c29c66e3d // IVD: 7d790d40-463f-11e9-8170-000c29342cb1 // IVD: ceee2aa0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-8764 // CNVD: CNVD-2012-1067

AFFECTED PRODUCTS

vendor:xarrowmodel:xarrowscope:eqversion:3.4

Trust: 1.2

vendor:xarrowmodel:xarrowscope:lteversion:3.4

Trust: 1.0

vendor:xarrowmodel:xarrowscope:eqversion:3.2

Trust: 0.9

vendor:xarrowmodel:xarrowscope:ltversion:3.4.1

Trust: 0.8

vendor:xarrowmodel: - scope:eqversion:*

Trust: 0.6

vendor:xarrowmodel:xarrowscope:eqversion:0

Trust: 0.3

vendor:xarrowmodel:xarrowscope:neversion:3.4.1

Trust: 0.3

vendor:xarrowmodel: - scope:eqversion:3.2

Trust: 0.2

sources: IVD: 86467414-1f71-11e6-abef-000c29c66e3d // IVD: 7d790d40-463f-11e9-8170-000c29342cb1 // IVD: ceee2aa0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-8764 // CNVD: CNVD-2012-1067 // BID: 52307 // JVNDB: JVNDB-2012-002565 // CNNVD: CNNVD-201205-496 // NVD: CVE-2012-2426

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-2426
value: HIGH

Trust: 1.0

NVD: CVE-2012-2426
value: HIGH

Trust: 0.8

CNVD: CNVD-2012-8764
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201205-496
value: HIGH

Trust: 0.6

IVD: 86467414-1f71-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

IVD: 7d790d40-463f-11e9-8170-000c29342cb1
value: HIGH

Trust: 0.2

IVD: ceee2aa0-2353-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2012-2426
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2012-8764
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 86467414-1f71-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 7d790d40-463f-11e9-8170-000c29342cb1
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: ceee2aa0-2353-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 86467414-1f71-11e6-abef-000c29c66e3d // IVD: 7d790d40-463f-11e9-8170-000c29342cb1 // IVD: ceee2aa0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-8764 // JVNDB: JVNDB-2012-002565 // CNNVD: CNNVD-201205-496 // NVD: CVE-2012-2426

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.8

sources: JVNDB: JVNDB-2012-002565 // NVD: CVE-2012-2426

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201205-496

TYPE

Resource management error

Trust: 1.2

sources: IVD: 86467414-1f71-11e6-abef-000c29c66e3d // IVD: 7d790d40-463f-11e9-8170-000c29342cb1 // IVD: ceee2aa0-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201205-496

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-002565

PATCH
title:Top Pageurl:http://www.xarrow.net/
Trust: 0.8
title:xArrow denial of service vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/37634
Trust: 0.6
title:xArrow has multiple patches for denial of service vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/12132
Trust: 0.6
title:xarrowurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44287
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2012-8764 // 
            
            
            
            CNVD: CNVD-2012-1067 // 
            
            
            
            JVNDB: JVNDB-2012-002565 // 
            
            
            
            CNNVD: CNNVD-201205-496

EXTERNAL IDS
db:NVDid:CVE-2012-2426
Trust: 3.9
db:ICS CERTid:ICSA-12-145-02
Trust: 2.7
db:CNNVDid:CNNVD-201205-496
Trust: 1.2
db:CNVDid:CNVD-2012-8764
Trust: 1.0
db:ICS CERT ALERTid:ICS-ALERT-12-065-01
Trust: 0.9
db:BIDid:52307
Trust: 0.9
db:CNVDid:CNVD-2012-1067
Trust: 0.8
db:JVNDBid:JVNDB-2012-002565
Trust: 0.8
db:IVDid:86467414-1F71-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:IVDid:7D790D40-463F-11E9-8170-000C29342CB1
Trust: 0.2
db:IVDid:CEEE2AA0-2353-11E6-ABEF-000C29C66E3D
Trust: 0.2
sources:
            
            
            IVD: 86467414-1f71-11e6-abef-000c29c66e3d // 
            
            
            
            IVD: 7d790d40-463f-11e9-8170-000c29342cb1 // 
            
            
            
            IVD: ceee2aa0-2353-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2012-8764 // 
            
            
            
            CNVD: CNVD-2012-1067 // 
            
            
            
            BID: 52307 // 
            
            
            
            JVNDB: JVNDB-2012-002565 // 
            
            
            
            CNNVD: CNNVD-201205-496 // 
            
            
            
            NVD: CVE-2012-2426

REFERENCES
url:http://www.us-cert.gov/control_systems/pdf/icsa-12-145-02.pdf
Trust: 2.7
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2426
Trust: 1.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2426
Trust: 0.8
url:http://www.us-cert.gov/control_systems/pdf/ics-alert-12-065-01.pdfhttp
Trust: 0.6
url:http://www.us-cert.gov/control_systems/pdf/ics-alert-12-065-01.pdf
Trust: 0.3
url:http://aluigi.org/adv/xarrow_1-adv.txt
Trust: 0.3
url:http://www.xarrow.net/index.htm
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2012-8764 // 
            
            
            
            CNVD: CNVD-2012-1067 // 
            
            
            
            BID: 52307 // 
            
            
            
            JVNDB: JVNDB-2012-002565 // 
            
            
            
            CNNVD: CNNVD-201205-496 // 
            
            
            
            NVD: CVE-2012-2426

CREDITS
ICS-CERT
Trust: 0.3
sources:
            
            
            BID: 52307

SOURCES
db:IVDid:86467414-1f71-11e6-abef-000c29c66e3d
db:IVDid:7d790d40-463f-11e9-8170-000c29342cb1
db:IVDid:ceee2aa0-2353-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-8764
db:CNVDid:CNVD-2012-1067
db:BIDid:52307
db:JVNDBid:JVNDB-2012-002565
db:CNNVDid:CNNVD-201205-496
db:NVDid:CVE-2012-2426

LAST UPDATE DATE
2025-04-11T22:49:39.927000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2012-8764date:2012-05-28T00:00:00
db:CNVDid:CNVD-2012-1067date:2012-03-07T00:00:00
db:BIDid:52307date:2012-05-24T15:30:00
db:JVNDBid:JVNDB-2012-002565date:2012-05-29T00:00:00
db:CNNVDid:CNNVD-201205-496date:2012-05-28T00:00:00
db:NVDid:CVE-2012-2426date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:86467414-1f71-11e6-abef-000c29c66e3ddate:2012-03-07T00:00:00
db:IVDid:7d790d40-463f-11e9-8170-000c29342cb1date:2012-05-28T00:00:00
db:IVDid:ceee2aa0-2353-11e6-abef-000c29c66e3ddate:2012-05-28T00:00:00
db:CNVDid:CNVD-2012-8764date:2012-05-28T00:00:00
db:CNVDid:CNVD-2012-1067date:2012-03-07T00:00:00
db:BIDid:52307date:2012-03-05T00:00:00
db:JVNDBid:JVNDB-2012-002565date:2012-05-29T00:00:00
db:CNNVDid:CNNVD-201205-496date:2012-05-28T00:00:00
db:NVDid:CVE-2012-2426date:2012-05-25T19:55:01.557