CVE-2010-4557

Published Dec 17, 2010

Last updated 11 years ago

Overview

Description: Buffer overflow in the lm_tcp service in Invensys Wonderware InBatch 8.1 and 9.0, as used in Invensys Foxboro I/A Series Batch 8.1 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted request to port 9001.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:invensys:wonderware_inbatch:8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30CD213C-3241-4E04-A7E9-71D80F9AA719"
          },
          {
            "criteria": "cpe:2.3:a:invensys:wonderware_inbatch:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E99C8469-4F7B-42AD-BEF0-2EAA85926552"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:invensys:foxboro_i\\/a_series_batch:8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45D6A903-83EE-45F5-83E1-496D42F2E068"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References