PT-2012-2443 · Invensys · InTouch +5
Published: 2012-04-02 · Updated: 2013-03-26 · CVE-2012-0257
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Invensys Wonderware Application Server versions 2012 and earlier
Foxboro Control Software version 3.1 and earlier
InFusion CE/FE/SCADA version 2.5 and earlier
Wonderware Information Server version 4.5 and earlier
ArchestrA Application Object Toolkit version 3.2 and earlier
InTouch versions 10.0 through 10.5
Description
A heap-based buffer overflow exists in the WWCabFile ActiveX component. It could allow remote attackers to execute arbitrary code via a long string passed to the Open member, leading to a function-pointer overwrite.
Recommendations
For Invensys Wonderware Application Server versions 2012 and earlier, update to a version later than 2012.
For Foxboro Control Software version 3.1 and earlier, update to a version later than 3.1.
For InFusion CE/FE/SCADA version 2.5 and earlier, update to a version later than 2.5.
For Wonderware Information Server version 4.5 and earlier, update to a version later than 4.5.
For ArchestrA Application Object Toolkit version 3.2 and earlier, update to a version later than 3.2.
For InTouch versions 10.0 through 10.5, update to a version later than 10.5.
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
ArchestrA Application Object Toolkit
Foxboro Control
InFusion CE/FE/SCADA
InTouch
Invensys Wonderware Application Server
Wonderware Information Server