ID

VAR-201305-0088


CVE

CVE-2013-0684


TITLE

SQL Injection Vulnerability in Invensys Wonderware Information Server

Trust: 0.8

sources: JVNDB: JVNDB-2013-002603

DESCRIPTION

SQL injection vulnerability in Invensys Wonderware Information Server (WIS) 4.0 SP1, 4.5 Portal, and 5.0 Portal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Invensys Wonderware Information Server is a web-based solution that centrally presents production management information. The vulnerability is in the implementation of Wonderware Information Server 4.0 SP1, Wonderware Information Server 4.5 Portal, and Wonderware Information Server 5.0 Portal. An attacker can exploit the vulnerability to compromise the application and perform unauthorized operations. Through this web-based solution, the product displays factory performance indicators and production data to operations, maintenance, and engineering personnel, and it is widely used in the petroleum, natural gas, chemical, and other industries.

Trust: 2.7

sources: NVD: CVE-2013-0684 // JVNDB: JVNDB-2013-002603 // CNVD: CNVD-2013-05026 // BID: 59704 // IVD: f4b83222-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-60686

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: f4b83222-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-05026

AFFECTED PRODUCTS

vendor: invensys, model: wonderware information server, scope: eq, version: 4.5

Trust: 1.6

vendor: invensys, model: wonderware information server, scope: eq, version: 4.0

Trust: 1.6

vendor: invensys, model: wonderware information server, scope: eq, version: 5.0

Trust: 1.6

vendor: invensys, model: wonderware information server sp1, scope: eq, version: 4.0

Trust: 0.9

vendor: invensys, model: wonderware information server portal, scope: eq, version: 4.5

Trust: 0.9

vendor: invensys, model: wonderware information server, scope: eq, version: 4.0 sp1sp1

Trust: 0.8

vendor: invensys, model: wonderware information server, scope: eq, version: 4.5- portal

Trust: 0.8

vendor: invensys, model: wonderware information server, scope: eq, version: 5.0- portal

Trust: 0.8

vendor: wonderware information server, model: -, scope: eq, version: 4.0

Trust: 0.2

vendor: wonderware information server, model: -, scope: eq, version: 4.5

Trust: 0.2

vendor: wonderware information server, model: -, scope: eq, version: 5.0

Trust: 0.2

sources: IVD: f4b83222-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-05026 // BID: 59704 // JVNDB: JVNDB-2013-002603 // CNNVD: CNNVD-201305-141 // NVD: CVE-2013-0684

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-0684
value: HIGH

Trust: 1.0

NVD: CVE-2013-0684
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-05026
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201305-141
value: HIGH

Trust: 0.6

IVD: f4b83222-2352-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

VULHUB: VHN-60686
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-0684
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-05026
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: f4b83222-2352-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-60686
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: f4b83222-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-05026 // VULHUB: VHN-60686 // JVNDB: JVNDB-2013-002603 // CNNVD: CNNVD-201305-141 // NVD: CVE-2013-0684

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-60686 // JVNDB: JVNDB-2013-002603 // NVD: CVE-2013-0684

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-141

TYPE

SQL injection

Trust: 0.8

sources: IVD: f4b83222-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201305-141

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002603

PATCH

title: Top Page, url: http://global.wonderware.com/EN/Pages/default.aspx

Trust: 0.8

title: Wonderware Japan Partners, url: http://global.wonderware.com/JP/Pages/JpPartnersSI.aspx

Trust: 0.8

title: Hardware Partners, url: http://iom.invensys.com/JP/Pages/IOM_HardwarePartners.aspx

Trust: 0.8

title: Software Partners, url: http://iom.invensys.com/JP/Pages/IOM_SoftwarePartners.aspx

Trust: 0.8

title: Wonderware Top Page, url: http://iom.invensys.com/JP/Pages/home.aspx

Trust: 0.8

title: Patch for Invensys Wonderware Information Server SQL Injection Vulnerability (CNVD-2013-05026), url: https://www.cnvd.org.cn/patchInfo/show/33854

Trust: 0.6

sources: CNVD: CNVD-2013-05026 // JVNDB: JVNDB-2013-002603

EXTERNAL IDS

db: NVD, id: CVE-2013-0684

Trust: 3.6

db: ICS CERT, id: ICSA-13-113-01

Trust: 3.1

db: BID, id: 59704

Trust: 1.6

db: CNNVD, id: CNNVD-201305-141

Trust: 0.9

db: CNVD, id: CNVD-2013-05026

Trust: 0.8

db: JVNDB, id: JVNDB-2013-002603

Trust: 0.8

db: SECUNIA, id: 53308

Trust: 0.6

db: IVD, id: F4B83222-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-60686

Trust: 0.1

sources: IVD: f4b83222-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-05026 // VULHUB: VHN-60686 // BID: 59704 // JVNDB: JVNDB-2013-002603 // CNNVD: CNNVD-201305-141 // NVD: CVE-2013-0684

REFERENCES

url:http://ics-cert.us-cert.gov/advisories/icsa-13-113-01

Trust: 3.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0684

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0684

Trust: 0.8

url:http://www.linuxidc.com/linux/2013-05/84035.htm

Trust: 0.6

url:http://secunia.com/advisories/53308

Trust: 0.6

url:http://www.securityfocus.com/bid/59704

Trust: 0.6

sources: CNVD: CNVD-2013-05026 // VULHUB: VHN-60686 // JVNDB: JVNDB-2013-002603 // CNNVD: CNNVD-201305-141 // NVD: CVE-2013-0684

CREDITS

Timur Yunusov, Alexey Osipov, and Ilya Karpov of the Positive Technologies Research Team

Trust: 0.9

sources: BID: 59704 // CNNVD: CNNVD-201305-141

SOURCES

db: IVD, id: f4b83222-2352-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2013-05026
db: VULHUB, id: VHN-60686
db: BID, id: 59704
db: JVNDB, id: JVNDB-2013-002603
db: CNNVD, id: CNNVD-201305-141
db: NVD, id: CVE-2013-0684

LAST UPDATE DATE

2025-04-11T22:53:19.501000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-05026, date: 2013-05-28T00:00:00
db: VULHUB, id: VHN-60686, date: 2013-05-09T00:00:00
db: BID, id: 59704, date: 2013-05-07T00:00:00
db: JVNDB, id: JVNDB-2013-002603, date: 2013-05-10T00:00:00
db: CNNVD, id: CNNVD-201305-141, date: 2013-05-29T00:00:00
db: NVD, id: CVE-2013-0684, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: IVD, id: f4b83222-2352-11e6-abef-000c29c66e3d, date: 2013-05-09T00:00:00
db: CNVD, id: CNVD-2013-05026, date: 2013-05-10T00:00:00
db: VULHUB, id: VHN-60686, date: 2013-05-09T00:00:00
db: BID, id: 59704, date: 2013-05-07T00:00:00
db: JVNDB, id: JVNDB-2013-002603, date: 2013-05-10T00:00:00
db: CNNVD, id: CNNVD-201305-141, date: 2013-05-17T00:00:00
db: NVD, id: CVE-2013-0684, date: 2013-05-09T12:31:18.950