CVE-2012-0228

Invensys Wonderware Information Server 4.0 SP1 and 4.5 does not properly implement client controls, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/80890
http://secunia.com/advisories/48603
http://www.securityfocus.com/bid/52851
http://www.securitytracker.com/id?1026886
http://www.securitytracker.com/id?1026887
http://www.us-cert.gov/control_systems/pdf/ICSA-12-062-01.pdf	US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:invensys:wonderware_information_server:4.0:sp1::::::
	cpe:2.3:a:invensys:wonderware_information_server:4.5:::::::*

History

No history.

Information

Published : 2012-04-02 20:55

Updated : 2024-02-04 18:16

NVD link : CVE-2012-0228

Mitre link : CVE-2012-0228

CVE.ORG link : CVE-2012-0228

JSON object : View

Products Affected

invensys

wonderware_information_server

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2012-0228", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-04-02T20:55:01.903", "references": [{"url": "http://osvdb.org/80890", "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/48603", "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/52851", "source": "cret@cert.org"}, {"url": "http://www.securitytracker.com/id?1026886", "source": "cret@cert.org"}, {"url": "http://www.securitytracker.com/id?1026887", "source": "cret@cert.org"}, {"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-062-01.pdf", "tags": ["US Government Resource"], "source": "cret@cert.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Invensys Wonderware Information Server 4.0 SP1 and 4.5 does not properly implement client controls, which allows remote attackers to bypass intended access restrictions via unspecified vectors."}, {"lang": "es", "value": "Invensys Wonderware Information Server v4.0 SP1 y v4.5 no implementan de forma adecuada los controles, lo que permite a atacantes remotos evitar las restricciones de acceso impuestas a trav\u00e9s de vectores no determinados."}], "lastModified": "2018-01-06T02:29:28.833", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:invensys:wonderware_information_server:4.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "325DE4D6-7649-4566-BC6E-1F8DC16FF1A9"}, {"criteria": "cpe:2.3:a:invensys:wonderware_information_server:4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7197915B-54BF-41DB-8304-B4CBF1751CE4"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}