Sign-up

ID

VAR-201205-0143


CVE

CVE-2012-2427


TITLE

xArrow Buffer Overflow Vulnerability

Trust: 1.4

sources: IVD: cf21ccac-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-2963 // CNNVD: CNNVD-201205-497

DESCRIPTION

Heap-based buffer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via packets that trigger an invalid free operation. xArrow is a lightweight but full-featured industrial configuration software for monitoring and controlling industrial systems. xArrow has multiple security vulnerabilities that allow an attacker to perform a denial of service attack. An attacker can send a malicious message, trigger an uncompressed NULL pointer, heap corruption, illegal read access, memory corruption, etc., which can cause the application to crash. xArrow is prone to multiple remote denial-of-service vulnerabilities. Successful exploits of these vulnerabilities will result in a denial-of-service condition. Due to nature of these issues, arbitrary code execution may also be possible. xArrow 3.2 and prior versions are vulnerable

Trust: 3.15

sources: NVD: CVE-2012-2427 // JVNDB: JVNDB-2012-002566 // CNVD: CNVD-2012-1067 // CNVD: CNVD-2012-2963 // BID: 52307 // IVD: cf21ccac-2353-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.4

sources: IVD: cf21ccac-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-1067 // CNVD: CNVD-2012-2963

AFFECTED PRODUCTS

vendor:xarrowmodel:xarrowscope:eqversion:3.4

Trust: 1.2

vendor:xarrowmodel:xarrowscope:lteversion:3.4

Trust: 1.0

vendor:xarrowmodel:xarrowscope:eqversion:3.2

Trust: 0.9

vendor:xarrowmodel:xarrowscope:ltversion:3.4.1

Trust: 0.8

vendor:xarrowmodel:xarrowscope:eqversion:0

Trust: 0.3

vendor:xarrowmodel:xarrowscope:neversion:3.4.1

Trust: 0.3

vendor:xarrowmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: cf21ccac-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-1067 // CNVD: CNVD-2012-2963 // BID: 52307 // JVNDB: JVNDB-2012-002566 // CNNVD: CNNVD-201205-497 // NVD: CVE-2012-2427

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-2427
value: HIGH

Trust: 1.0

NVD: CVE-2012-2427
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201205-497
value: CRITICAL

Trust: 0.6

IVD: cf21ccac-2353-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2012-2427
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: cf21ccac-2353-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: cf21ccac-2353-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2012-002566 // CNNVD: CNNVD-201205-497 // NVD: CVE-2012-2427

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2012-002566 // NVD: CVE-2012-2427

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201205-497

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: cf21ccac-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201205-497

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-002566

PATCH
title:Top Pageurl:http://www.xarrow.net/
Trust: 0.8
title:xArrow has multiple patches for denial of service vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/12132
Trust: 0.6
title:Patch for xArrow Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/17553
Trust: 0.6
title:xarrowurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44287
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2012-1067 // 
            
            
            
            CNVD: CNVD-2012-2963 // 
            
            
            
            JVNDB: JVNDB-2012-002566 // 
            
            
            
            CNNVD: CNNVD-201205-497

EXTERNAL IDS
db:NVDid:CVE-2012-2427
Trust: 3.5
db:ICS CERTid:ICSA-12-145-02
Trust: 3.3
db:ICS CERT ALERTid:ICS-ALERT-12-065-01
Trust: 0.9
db:BIDid:52307
Trust: 0.9
db:CNVDid:CNVD-2012-2963
Trust: 0.8
db:CNNVDid:CNNVD-201205-497
Trust: 0.8
db:JVNDBid:JVNDB-2012-002566
Trust: 0.8
db:CNVDid:CNVD-2012-1067
Trust: 0.6
db:IVDid:CF21CCAC-2353-11E6-ABEF-000C29C66E3D
Trust: 0.2
sources:
            
            
            IVD: cf21ccac-2353-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2012-1067 // 
            
            
            
            CNVD: CNVD-2012-2963 // 
            
            
            
            BID: 52307 // 
            
            
            
            JVNDB: JVNDB-2012-002566 // 
            
            
            
            CNNVD: CNNVD-201205-497 // 
            
            
            
            NVD: CVE-2012-2427

REFERENCES
url:http://www.us-cert.gov/control_systems/pdf/icsa-12-145-02.pdf
Trust: 3.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2427
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2427
Trust: 0.8
url:http://www.us-cert.gov/control_systems/pdf/ics-alert-12-065-01.pdfhttp
Trust: 0.6
url:http://www.us-cert.gov/control_systems/pdf/ics-alert-12-065-01.pdf
Trust: 0.3
url:http://aluigi.org/adv/xarrow_1-adv.txt
Trust: 0.3
url:http://www.xarrow.net/index.htm
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2012-1067 // 
            
            
            
            CNVD: CNVD-2012-2963 // 
            
            
            
            BID: 52307 // 
            
            
            
            JVNDB: JVNDB-2012-002566 // 
            
            
            
            CNNVD: CNNVD-201205-497 // 
            
            
            
            NVD: CVE-2012-2427

CREDITS
ICS-CERT
Trust: 0.3
sources:
            
            
            BID: 52307

SOURCES
db:IVDid:cf21ccac-2353-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-1067
db:CNVDid:CNVD-2012-2963
db:BIDid:52307
db:JVNDBid:JVNDB-2012-002566
db:CNNVDid:CNNVD-201205-497
db:NVDid:CVE-2012-2427

LAST UPDATE DATE
2025-04-11T22:49:39.976000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2012-1067date:2012-03-07T00:00:00
db:CNVDid:CNVD-2012-2963date:2012-06-01T00:00:00
db:BIDid:52307date:2012-05-24T15:30:00
db:JVNDBid:JVNDB-2012-002566date:2012-05-29T00:00:00
db:CNNVDid:CNNVD-201205-497date:2012-05-28T00:00:00
db:NVDid:CVE-2012-2427date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:cf21ccac-2353-11e6-abef-000c29c66e3ddate:2012-06-01T00:00:00
db:CNVDid:CNVD-2012-1067date:2012-03-07T00:00:00
db:CNVDid:CNVD-2012-2963date:2012-06-01T00:00:00
db:BIDid:52307date:2012-03-05T00:00:00
db:JVNDBid:JVNDB-2012-002566date:2012-05-29T00:00:00
db:CNNVDid:CNNVD-201205-497date:2012-05-28T00:00:00
db:NVDid:CVE-2012-2427date:2012-05-25T19:55:01.680