CVE-2010-2974

Опубликовано: 05 авг. 2010

Источник: nvd

CVSS2: 9.3

EPSS Средний

Описание

Stack-based buffer overflow in the IConfigurationAccess interface in the Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control in Wonderware Application Server (WAS) before 3.1 SP2 P01, as used in the Wonderware Archestra Integrated Development Environment (IDE) and the InFusion Integrated Engineering Environment (IEE), allows remote attackers to execute arbitrary code via the first argument to the UnsubscribeData method.

Ссылки

http://www.kb.cert.org/vuls/id/703189
US Government Resource
http://www.kb.cert.org/vuls/id/MORO-87MHPT
http://www.pacwest.wonderware.com/web/News/NewsDetails.aspx?NewsID=203108
Vendor Advisory
https://wdnresource.wonderware.com/support/kbcd/html/1/t002492.htm
http://www.kb.cert.org/vuls/id/703189
US Government Resource
http://www.kb.cert.org/vuls/id/MORO-87MHPT
http://www.pacwest.wonderware.com/web/News/NewsDetails.aspx?NewsID=203108
Vendor Advisory
https://wdnresource.wonderware.com/support/kbcd/html/1/t002492.htm

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:invensys:wonderware_archestra_configuration_access_component_activex_control:*:*:*:*:*:*:*:*

Одно из

cpe:2.3:a:invensys:infusion_integrated_engineering_environment:*:*:*:*:*:*:*:*

cpe:2.3:a:invensys:wonderware_application_server:*:sp2:*:*:*:*:*:*

Версия до 3.1 (включая)

cpe:2.3:a:invensys:wonderware_application_server:2.0:*:*:*:*:*:*:*

cpe:2.3:a:invensys:wonderware_application_server:2.1:*:*:*:*:*:*:*

cpe:2.3:a:invensys:wonderware_application_server:3.0:*:*:*:*:*:*:*

cpe:2.3:a:invensys:wonderware_application_server:3.1:*:*:*:*:*:*:*

cpe:2.3:a:invensys:wonderware_application_server:3.1:sp1:*:*:*:*:*:*

cpe:2.3:a:invensys:wonderware_archestra_integrated_development_environment:*:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.11282

Средний

9.3 Critical

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-hrq9-w5fv-x9v6

github

больше 3 лет назад