Sign-up

ID

VAR-201205-0145


CVE

CVE-2012-2429


TITLE

xArrow Arbitrary code execution vulnerability

Trust: 1.4

sources: IVD: cf5a4b2c-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-2961 // CNNVD: CNNVD-201205-499

DESCRIPTION

The server in xArrow before 3.4.1 performs an invalid read operation, which allows remote attackers to execute arbitrary code via unspecified vectors. xArrow is a lightweight but full-featured industrial configuration software for monitoring and controlling industrial systems. xArrow has multiple security vulnerabilities that allow an attacker to perform a denial of service attack. An attacker can send a malicious message, trigger an uncompressed NULL pointer, heap corruption, illegal read access, memory corruption, etc., which can cause the application to crash. xArrow has a vulnerability. xArrow is prone to multiple remote denial-of-service vulnerabilities. Successful exploits of these vulnerabilities will result in a denial-of-service condition. xArrow 3.2 and prior versions are vulnerable

Trust: 3.15

sources: NVD: CVE-2012-2429 // JVNDB: JVNDB-2012-002568 // CNVD: CNVD-2012-1067 // CNVD: CNVD-2012-2961 // BID: 52307 // IVD: cf5a4b2c-2353-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.4

sources: IVD: cf5a4b2c-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-1067 // CNVD: CNVD-2012-2961

AFFECTED PRODUCTS

vendor:xarrowmodel:xarrowscope:eqversion:3.4

Trust: 1.2

vendor:xarrowmodel:xarrowscope:lteversion:3.4

Trust: 1.0

vendor:xarrowmodel:xarrowscope:eqversion:3.2

Trust: 0.9

vendor:xarrowmodel:xarrowscope:ltversion:3.4.1

Trust: 0.8

vendor:xarrowmodel:xarrowscope:eqversion:0

Trust: 0.3

vendor:xarrowmodel:xarrowscope:neversion:3.4.1

Trust: 0.3

vendor:xarrowmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: cf5a4b2c-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-1067 // CNVD: CNVD-2012-2961 // BID: 52307 // JVNDB: JVNDB-2012-002568 // CNNVD: CNNVD-201205-499 // NVD: CVE-2012-2429

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-2429
value: HIGH

Trust: 1.0

NVD: CVE-2012-2429
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201205-499
value: CRITICAL

Trust: 0.6

IVD: cf5a4b2c-2353-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2012-2429
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: cf5a4b2c-2353-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: cf5a4b2c-2353-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2012-002568 // CNNVD: CNNVD-201205-499 // NVD: CVE-2012-2429

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.8

sources: JVNDB: JVNDB-2012-002568 // NVD: CVE-2012-2429

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201205-499

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201205-499

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-002568

PATCH
title:Top Pageurl:http://www.xarrow.net/
Trust: 0.8
title:xArrow has multiple patches for denial of service vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/12132
Trust: 0.6
title:xArrow patch for arbitrary code execution vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/17552
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2012-1067 // 
            
            
            
            CNVD: CNVD-2012-2961 // 
            
            
            
            JVNDB: JVNDB-2012-002568

EXTERNAL IDS
db:NVDid:CVE-2012-2429
Trust: 3.5
db:ICS CERTid:ICSA-12-145-02
Trust: 3.3
db:ICS CERT ALERTid:ICS-ALERT-12-065-01
Trust: 0.9
db:BIDid:52307
Trust: 0.9
db:CNVDid:CNVD-2012-2961
Trust: 0.8
db:CNNVDid:CNNVD-201205-499
Trust: 0.8
db:JVNDBid:JVNDB-2012-002568
Trust: 0.8
db:CNVDid:CNVD-2012-1067
Trust: 0.6
db:IVDid:CF5A4B2C-2353-11E6-ABEF-000C29C66E3D
Trust: 0.2
sources:
            
            
            IVD: cf5a4b2c-2353-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2012-1067 // 
            
            
            
            CNVD: CNVD-2012-2961 // 
            
            
            
            BID: 52307 // 
            
            
            
            JVNDB: JVNDB-2012-002568 // 
            
            
            
            CNNVD: CNNVD-201205-499 // 
            
            
            
            NVD: CVE-2012-2429

REFERENCES
url:http://www.us-cert.gov/control_systems/pdf/icsa-12-145-02.pdf
Trust: 3.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2429
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2429
Trust: 0.8
url:http://www.us-cert.gov/control_systems/pdf/ics-alert-12-065-01.pdfhttp
Trust: 0.6
url:http://www.us-cert.gov/control_systems/pdf/ics-alert-12-065-01.pdf
Trust: 0.3
url:http://aluigi.org/adv/xarrow_1-adv.txt
Trust: 0.3
url:http://www.xarrow.net/index.htm
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2012-1067 // 
            
            
            
            CNVD: CNVD-2012-2961 // 
            
            
            
            BID: 52307 // 
            
            
            
            JVNDB: JVNDB-2012-002568 // 
            
            
            
            CNNVD: CNNVD-201205-499 // 
            
            
            
            NVD: CVE-2012-2429

CREDITS
ICS-CERT
Trust: 0.3
sources:
            
            
            BID: 52307

SOURCES
db:IVDid:cf5a4b2c-2353-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-1067
db:CNVDid:CNVD-2012-2961
db:BIDid:52307
db:JVNDBid:JVNDB-2012-002568
db:CNNVDid:CNNVD-201205-499
db:NVDid:CVE-2012-2429

LAST UPDATE DATE
2025-04-11T22:49:39.887000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2012-1067date:2012-03-07T00:00:00
db:CNVDid:CNVD-2012-2961date:2012-06-01T00:00:00
db:BIDid:52307date:2012-05-24T15:30:00
db:JVNDBid:JVNDB-2012-002568date:2012-05-29T00:00:00
db:CNNVDid:CNNVD-201205-499date:2012-05-28T00:00:00
db:NVDid:CVE-2012-2429date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:cf5a4b2c-2353-11e6-abef-000c29c66e3ddate:2012-06-01T00:00:00
db:CNVDid:CNVD-2012-1067date:2012-03-07T00:00:00
db:CNVDid:CNVD-2012-2961date:2012-06-01T00:00:00
db:BIDid:52307date:2012-03-05T00:00:00
db:JVNDBid:JVNDB-2012-002568date:2012-05-29T00:00:00
db:CNNVDid:CNNVD-201205-499date:2012-05-28T00:00:00
db:NVDid:CVE-2012-2429date:2012-05-25T19:55:01.773