Sign-up

ID

VAR-201305-0089


CVE

CVE-2013-0685


TITLE

Invensys Wonderware Information Server Denial of service vulnerability

Trust: 1.4

sources: IVD: f4b1e066-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-05052 // CNNVD: CNNVD-201305-137

DESCRIPTION

Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal does not restrict unspecified size and amount values, which allows remote attackers to execute arbitrary code or cause a denial of service (resource consumption) via unknown vectors. Invensys Wonderware Information Server is a graphical visualization, reporting and analysis of real-time network-based plant operations data that helps drive productivity across the enterprise. Invensys Wonderware Information Server is prone to a denial-of-service vulnerability. Successful exploits may allow an attacker to trigger high CPU consumption and make the application unresponsive. Note that this issue could be exploited to execute arbitrary code, however, Symantec has not been confirmed. The following versions are vulnerable: Wonderware Information Server 4.0 SP1 Wonderware Information Server 4.5 Portal Wonderware Information Server 5.0 Portal. Through the network solution, this product can conveniently display the factory performance indicators and production data to the operation, operation and maintenance and engineering personnel, and is widely used in petroleum, natural gas, chemical and other industries

Trust: 2.7

sources: NVD: CVE-2013-0685 // JVNDB: JVNDB-2013-002604 // CNVD: CNVD-2013-05052 // BID: 59709 // IVD: f4b1e066-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-60687

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: f4b1e066-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-05052

AFFECTED PRODUCTS

vendor:invensysmodel:wonderware information serverscope:eqversion:4.5

Trust: 1.6

vendor:invensysmodel:wonderware information serverscope:eqversion:4.0

Trust: 1.6

vendor:invensysmodel:wonderware information serverscope:eqversion:5.0

Trust: 1.6

vendor:invensysmodel:wonderware information server sp1scope:eqversion:4.0

Trust: 0.9

vendor:invensysmodel:wonderware information server portalscope:eqversion:4.5

Trust: 0.9

vendor:invensysmodel:wonderware information serverscope:eqversion:4.0 sp1sp1

Trust: 0.8

vendor:invensysmodel:wonderware information serverscope:eqversion:4.5- portal

Trust: 0.8

vendor:invensysmodel:wonderware information serverscope:eqversion:5.0- portal

Trust: 0.8

vendor:wonderware information servermodel: - scope:eqversion:4.0

Trust: 0.2

vendor:wonderware information servermodel: - scope:eqversion:4.5

Trust: 0.2

vendor:wonderware information servermodel: - scope:eqversion:5.0

Trust: 0.2

sources: IVD: f4b1e066-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-05052 // BID: 59709 // JVNDB: JVNDB-2013-002604 // CNNVD: CNNVD-201305-137 // NVD: CVE-2013-0685

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-0685
value: HIGH

Trust: 1.0

NVD: CVE-2013-0685
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-05052
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201305-137
value: CRITICAL

Trust: 0.6

IVD: f4b1e066-2352-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-60687
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-0685
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-05052
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: f4b1e066-2352-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-60687
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: f4b1e066-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-05052 // VULHUB: VHN-60687 // JVNDB: JVNDB-2013-002604 // CNNVD: CNNVD-201305-137 // NVD: CVE-2013-0685

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-60687 // JVNDB: JVNDB-2013-002604 // NVD: CVE-2013-0685

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-137

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201305-137

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002604

PATCH
title:Top Pageurl:http://global.wonderware.com/EN/Pages/default.aspx
Trust: 0.8
title:Wonderware 日本のパートナーurl:http://global.wonderware.com/JP/Pages/JpPartnersSI.aspx
Trust: 0.8
title:ハードウェア・パートナーurl:http://iom.invensys.com/JP/Pages/IOM_HardwarePartners.aspx
Trust: 0.8
title:ソフトウェア・パートナーurl:http://iom.invensys.com/JP/Pages/IOM_SoftwarePartners.aspx
Trust: 0.8
title:Wonderware Top Pageurl:http://iom.invensys.com/JP/Pages/home.aspx
Trust: 0.8
title:Patch for Invensys Wonderware Information Server Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/33856
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-05052 // 
            
            
            
            JVNDB: JVNDB-2013-002604

EXTERNAL IDS
db:NVDid:CVE-2013-0685
Trust: 3.6
db:ICS CERTid:ICSA-13-113-01
Trust: 3.4
db:BIDid:59709
Trust: 1.6
db:CNNVDid:CNNVD-201305-137
Trust: 0.9
db:CNVDid:CNVD-2013-05052
Trust: 0.8
db:JVNDBid:JVNDB-2013-002604
Trust: 0.8
db:SECUNIAid:53308
Trust: 0.6
db:IVDid:F4B1E066-2352-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-60687
Trust: 0.1
sources:
            
            
            IVD: f4b1e066-2352-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2013-05052 // 
            
            
            
            VULHUB: VHN-60687 // 
            
            
            
            BID: 59709 // 
            
            
            
            JVNDB: JVNDB-2013-002604 // 
            
            
            
            CNNVD: CNNVD-201305-137 // 
            
            
            
            NVD: CVE-2013-0685

REFERENCES
url:http://ics-cert.us-cert.gov/advisories/icsa-13-113-01
Trust: 3.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0685
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0685
Trust: 0.8
url:http://secunia.com/advisories/53308
Trust: 0.6
url:http://www.securityfocus.com/bid/59709
Trust: 0.6
url:http://global.wonderware.com/en/pages/wonderwareinformationserver.aspx
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-05052 // 
            
            
            
            VULHUB: VHN-60687 // 
            
            
            
            BID: 59709 // 
            
            
            
            JVNDB: JVNDB-2013-002604 // 
            
            
            
            CNNVD: CNNVD-201305-137 // 
            
            
            
            NVD: CVE-2013-0685

CREDITS
Timur Yunusov, Alexey Osipov, and Ilya Karpov of the Positive Technologies Research Team
Trust: 0.9
sources:
            
            
            BID: 59709 // 
            
            
            
            CNNVD: CNNVD-201305-137

SOURCES
db:IVDid:f4b1e066-2352-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-05052
db:VULHUBid:VHN-60687
db:BIDid:59709
db:JVNDBid:JVNDB-2013-002604
db:CNNVDid:CNNVD-201305-137
db:NVDid:CVE-2013-0685

LAST UPDATE DATE
2025-04-11T22:53:19.587000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-05052date:2013-05-27T00:00:00
db:VULHUBid:VHN-60687date:2013-05-09T00:00:00
db:BIDid:59709date:2013-05-07T00:00:00
db:JVNDBid:JVNDB-2013-002604date:2013-05-10T00:00:00
db:CNNVDid:CNNVD-201305-137date:2013-05-17T00:00:00
db:NVDid:CVE-2013-0685date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:f4b1e066-2352-11e6-abef-000c29c66e3ddate:2013-05-10T00:00:00
db:CNVDid:CNVD-2013-05052date:2013-05-10T00:00:00
db:VULHUBid:VHN-60687date:2013-05-09T00:00:00
db:BIDid:59709date:2013-05-07T00:00:00
db:JVNDBid:JVNDB-2013-002604date:2013-05-10T00:00:00
db:CNNVDid:CNNVD-201305-137date:2013-05-17T00:00:00
db:NVDid:CVE-2013-0685date:2013-05-09T12:31:18.970