CVE-2012-3005
Published Jul 26, 2012
Last updated 12 years ago
Overview
- Description
- Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/SCADA, InBatch, and Wonderware Historian, allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.9
- Impact score
- 10
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Evaluator
- Comment
- Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:invensys:foxboro_control_software:3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D8066239-FE54-49DD-8D55-E4681BED297F"
},
{
"criteria": "cpe:2.3:a:invensys:foxboro_control_software:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54861639-8E21-4E67-B776-8A1024657457"
},
{
"criteria": "cpe:2.3:a:invensys:infusion_ce\\/fe\\/scada:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6AC4B215-533F-4950-9D81-711F1B669A22",
"versionEndIncluding": "2.5"
},
{
"criteria": "cpe:2.3:a:invensys:intouch:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "510DAA85-68A1-4BAF-BC27-18D71BD06F97",
"versionEndIncluding": "2012"
},
{
"criteria": "cpe:2.3:a:invensys:intouch\\/wonderware_application_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "255276F6-6C83-4A5D-98B9-7ABD831236BA",
"versionEndIncluding": "2012"
},
{
"criteria": "cpe:2.3:a:invensys:intouch\\/wonderware_application_server:10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "337B2BEC-029A-491F-8E91-74AE7595CBAD"
},
{
"criteria": "cpe:2.3:a:invensys:intouch\\/wonderware_application_server:10.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0221FC49-8A68-4A22-AB09-BF7CC236DC25"
},
{
"criteria": "cpe:2.3:a:invensys:wonderware_historian:*:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "39F227E3-8B8E-4B21-98F4-DDABBE370B27",
"versionEndIncluding": "10.0"
},
{
"criteria": "cpe:2.3:a:invensys:wonderware_historian:10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5579D221-3F63-480C-A439-B68E94EF0B95"
},
{
"criteria": "cpe:2.3:a:invensys:wonderware_inbatch:*:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "47BB631F-51B7-447B-8E03-ECDB9C3EEFE7",
"versionEndIncluding": "9.5"
},
{
"criteria": "cpe:2.3:a:invensys:wonderware_information_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C4265378-CF22-42AC-B63C-73F96507E680",
"versionEndIncluding": "4.5"
},
{
"criteria": "cpe:2.3:a:invensys:wonderware_information_server:3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "262CBEB8-A6EA-48DE-B5A5-460660F33442"
},
{
"criteria": "cpe:2.3:a:invensys:wonderware_information_server:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC154F44-2618-4AD5-B252-98E521F98CEB"
},
{
"criteria": "cpe:2.3:a:invensys:wonderware_information_server:4.0:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "325DE4D6-7649-4566-BC6E-1F8DC16FF1A9"
}
],
"operator": "OR"
}
]
}
]