Sign-up

ID

VAR-201207-0173


CVE

CVE-2012-3005


TITLE

Invensys Wonderware InTouch Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2012-003409

DESCRIPTION

Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/SCADA, InBatch, and Wonderware Historian, allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. DLL It may be possible to get permission through the file. Invensys is a leading provider of automation and information technology, systems, software solutions, services and consulting for the manufacturing and infrastructure industries. Multiple Invensys Wonderware products are insecure to load library files, allowing an attacker to build specially crafted files, place them on a remote WebDAV or SMB share, entice users to parse, and execute arbitrary code in the application context. Multiple Invensys products are prone to a vulnerability that lets attackers execute arbitrary code. ---------------------------------------------------------------------- We are millions! Join us to protect all Pc's Worldwide. Download the new Secunia PSI 3.0 available in 5 languages and share it with your friends: http://secunia.com/psi ---------------------------------------------------------------------- TITLE: Invensys Wonderware Products Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA50028 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50028/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50028 RELEASE DATE: 2012-07-24 DISCUSS ADVISORY: http://secunia.com/advisories/50028/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/50028/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=50028 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in multiple Invensys Wonderware products, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries in an insecure manner. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Carlos Mario Penagos Hollmann. ORIGINAL ADVISORY: http://www.us-cert.gov/control_systems/pdf/ICSA-12-177-02.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2012-3005 // JVNDB: JVNDB-2012-003409 // CNVD: CNVD-2012-3891 // BID: 54646 // IVD: 94295318-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-56286 // PACKETSTORM: 114985

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 94295318-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3891

AFFECTED PRODUCTS

vendor:invensysmodel:intouchscope:lteversion:2012

Trust: 1.8

vendor:invensysmodel:wonderware information serverscope:lteversion:4.5

Trust: 1.8

vendor:invensysmodel:wonderware information serverscope:eqversion:3.1

Trust: 1.6

vendor:invensysmodel:foxboro control softwarescope:eqversion:4.0

Trust: 1.6

vendor:invensysmodel:wonderware historianscope:eqversion:10.0

Trust: 1.6

vendor:invensysmodel:wonderware information serverscope:eqversion:4.0

Trust: 1.6

vendor:invensysmodel:foxboro control softwarescope:eqversion:3.1

Trust: 1.6

vendor:invensysmodel:intouch\/wonderware application serverscope:eqversion:10.5

Trust: 1.0

vendor:invensysmodel:wonderware historianscope:lteversion:10.0

Trust: 1.0

vendor:invensysmodel:infusion ce\/fe\/scadascope:lteversion:2.5

Trust: 1.0

vendor:invensysmodel:wonderware inbatchscope:lteversion:9.5

Trust: 1.0

vendor:invensysmodel:intouch\/wonderware application serverscope:eqversion:10.0

Trust: 1.0

vendor:invensysmodel:intouch\/wonderware application serverscope:lteversion:2012

Trust: 1.0

vendor:invensysmodel:wonderware information serverscope:eqversion:4.5

Trust: 0.9

vendor:invensysmodel:foxboro control softwarescope:lteversion:4.0

Trust: 0.8

vendor:invensysmodel:infusion ce/fe/scadascope:lteversion:2.5

Trust: 0.8

vendor:invensysmodel:wonderware application serverscope:lteversion:2012

Trust: 0.8

vendor:invensysmodel:wonderware historianscope:lteversion:10.0 sp1

Trust: 0.8

vendor:invensysmodel:wonderware inbatchscope:lteversion:9.5 sp1

Trust: 0.8

vendor:invensysmodel:wonderware information serverscope:eqversion:4.x

Trust: 0.6

vendor:invensysmodel:wonderware inbatchscope:eqversion:9.x

Trust: 0.6

vendor:invensysmodel:foxboro control softwarescope:eqversion:4.x

Trust: 0.6

vendor:invensysmodel:wonderware application serverscope:eqversion:3.x

Trust: 0.6

vendor:invensysmodel:wonderware application serverscope:eqversion:2012

Trust: 0.6

vendor:invensysmodel:infusion control editionscope:eqversion:2.x

Trust: 0.6

vendor:invensysmodel:infusion foundation editionscope:eqversion:2.x

Trust: 0.6

vendor:invensysmodel:infusion scadascope:eqversion:2.x

Trust: 0.6

vendor:invensysmodel:wonderware historian clientscope:eqversion:10.x

Trust: 0.6

vendor:invensysmodel:wonderware intouchscope:eqversion:10.x

Trust: 0.6

vendor:invensysmodel:wonderware inbatchscope:eqversion:9.5

Trust: 0.6

vendor:invensysmodel:infusion ce\/fe\/scadascope:eqversion:2.5

Trust: 0.6

vendor:wonderware information servermodel: - scope:eqversion:4.0

Trust: 0.4

vendor:invensysmodel:wonderware inbatch sp1scope:eqversion:9.5

Trust: 0.3

vendor:invensysmodel:wonderware application serverscope:eqversion:20120

Trust: 0.3

vendor:invensysmodel:infusion ce/fe/scadascope:eqversion:2.5

Trust: 0.3

vendor:foxboro controlmodel: - scope:eqversion:3.1

Trust: 0.2

vendor:foxboro controlmodel: - scope:eqversion:4.0

Trust: 0.2

vendor:infusion ce fe scadamodel: - scope:eqversion:*

Trust: 0.2

vendor:intouchmodel: - scope:eqversion:*

Trust: 0.2

vendor:intouch wonderware application servermodel: - scope:eqversion:10.0

Trust: 0.2

vendor:intouch wonderware application servermodel: - scope:eqversion:10.5

Trust: 0.2

vendor:intouch wonderware application servermodel: - scope:eqversion:*

Trust: 0.2

vendor:wonderware historianmodel: - scope:eqversion:10.0

Trust: 0.2

vendor:wonderware historianmodel: - scope:eqversion:*

Trust: 0.2

vendor:wonderware inbatchmodel: - scope:eqversion:*

Trust: 0.2

vendor:wonderware information servermodel: - scope:eqversion:3.1

Trust: 0.2

vendor:wonderware information servermodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 94295318-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3891 // BID: 54646 // JVNDB: JVNDB-2012-003409 // CNNVD: CNNVD-201207-432 // NVD: CVE-2012-3005

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-3005
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-3005
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201207-432
value: MEDIUM

Trust: 0.6

IVD: 94295318-2353-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-56286
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-3005
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 94295318-2353-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-56286
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 94295318-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-56286 // JVNDB: JVNDB-2012-003409 // CNNVD: CNNVD-201207-432 // NVD: CVE-2012-3005

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2012-003409 // NVD: CVE-2012-3005

THREAT TYPE

local

Trust: 0.9

sources: BID: 54646 // CNNVD: CNNVD-201207-432

TYPE

other

Trust: 0.8

sources: IVD: 94295318-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201207-432

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-003409

PATCH
title:Top Pageurl:http://iom.invensys.com/EN/Pages/home.aspx
Trust: 0.8
title:Wonderware 日本のパートナーurl:http://global.wonderware.com/JP/Pages/JpPartnersSI.aspx
Trust: 0.8
title:Wonderware Top Pageurl:http://global.wonderware.com/JP/pages/default.aspx
Trust: 0.8
title:Invensys product DLL loads patches for arbitrary code execution vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/19202
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2012-3891 // 
            
            
            
            JVNDB: JVNDB-2012-003409

EXTERNAL IDS
db:NVDid:CVE-2012-3005
Trust: 3.6
db:ICS CERTid:ICSA-12-177-02
Trust: 2.9
db:SECUNIAid:50028
Trust: 1.4
db:CNNVDid:CNNVD-201207-432
Trust: 0.9
db:CNVDid:CNVD-2012-3891
Trust: 0.8
db:JVNDBid:JVNDB-2012-003409
Trust: 0.8
db:BIDid:54646
Trust: 0.4
db:IVDid:94295318-2353-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-56286
Trust: 0.1
db:PACKETSTORMid:114985
Trust: 0.1
sources:
            
            
            IVD: 94295318-2353-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2012-3891 // 
            
            
            
            VULHUB: VHN-56286 // 
            
            
            
            BID: 54646 // 
            
            
            
            JVNDB: JVNDB-2012-003409 // 
            
            
            
            PACKETSTORM: 114985 // 
            
            
            
            CNNVD: CNNVD-201207-432 // 
            
            
            
            NVD: CVE-2012-3005

REFERENCES
url:http://www.us-cert.gov/control_systems/pdf/icsa-12-177-02.pdf
Trust: 2.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3005
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3005
Trust: 0.8
url:http://secunia.com/advisories/50028/http
Trust: 0.6
url:http://secunia.com/advisories/50028
Trust: 0.6
url:http://global.wonderware.com/en/pages/default.aspx
Trust: 0.3
url:http://secunia.com/advisories/50028/#comments
Trust: 0.1
url:http://secunia.com/psi
Trust: 0.1
url:http://secunia.com/advisories/50028/
Trust: 0.1
url:http://secunia.com/vulnerability_intelligence/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=50028
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2012-3891 // 
            
            
            
            VULHUB: VHN-56286 // 
            
            
            
            BID: 54646 // 
            
            
            
            JVNDB: JVNDB-2012-003409 // 
            
            
            
            PACKETSTORM: 114985 // 
            
            
            
            CNNVD: CNNVD-201207-432 // 
            
            
            
            NVD: CVE-2012-3005

CREDITS
Carlos Mario Penagos Hollmann
Trust: 0.3
sources:
            
            
            BID: 54646

SOURCES
db:IVDid:94295318-2353-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-3891
db:VULHUBid:VHN-56286
db:BIDid:54646
db:JVNDBid:JVNDB-2012-003409
db:PACKETSTORMid:114985
db:CNNVDid:CNNVD-201207-432
db:NVDid:CVE-2012-3005

LAST UPDATE DATE
2025-04-11T23:04:13.148000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2012-3891date:2012-07-26T00:00:00
db:VULHUBid:VHN-56286date:2012-07-30T00:00:00
db:BIDid:54646date:2015-03-19T08:51:00
db:JVNDBid:JVNDB-2012-003409date:2012-07-30T00:00:00
db:CNNVDid:CNNVD-201207-432date:2012-07-27T00:00:00
db:NVDid:CVE-2012-3005date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:94295318-2353-11e6-abef-000c29c66e3ddate:2012-07-26T00:00:00
db:CNVDid:CNVD-2012-3891date:2012-07-26T00:00:00
db:VULHUBid:VHN-56286date:2012-07-26T00:00:00
db:BIDid:54646date:2012-07-23T00:00:00
db:JVNDBid:JVNDB-2012-003409date:2012-07-30T00:00:00
db:PACKETSTORMid:114985date:2012-07-25T04:54:59
db:CNNVDid:CNNVD-201207-432date:2012-07-26T00:00:00
db:NVDid:CVE-2012-3005date:2012-07-26T10:41:47.747