Executive Summary
Summary | |
---|---|
Title | Invensys Wonderware InTouch creates insecure NetDDE share |
Informations | |||
---|---|---|---|
Name | VU#138633 | First vendor Publication | 2007-11-19 |
Vendor | VU-CERT | Last vendor Modification | 2007-11-27 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#138633Invensys Wonderware InTouch creates insecure NetDDE shareOverviewInvensys Wonderware InTouch 8.0 creates a NetDDE share that could allow an attacker to run arbitrary programs.I. DescriptionInvensys Wonderware InTouch HMI Software is used in Supervisory Control And Data Acquisition (SCADA) systems.Dynamic Data Exchange (DDE) was designed to allow Microsoft Windows applications to share data. NetDDE is an extension to DDE that was developed by Wonderware. NetDDE allows communications with local DDE applications and with remote NetDDE agents using NetBIOS. NetDDE is not supported in Windows Vista, but is included in Windows NT, 2000, XP, and Server 2003. This issue has been addressed in Wonderware InTouch version 9 and later. Wonderware administrators with active support contracts who do not want to upgrade can get an updated version of Wonderware 8.0. Wonderware Tech Alert 98 contains information about obtaining fixed software. Wonderware administrators can also contact Wonderware for more information about obtaining updates.
Systems Affected
References
This vulnerability was reported by Neutralbit with assistance from Digital Bond. This document was written by Ryan Giobbi.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/138633 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-1 | Accessing Functionality Not Properly Constrained by ACLs |
CAPEC-17 | Accessing, Modifying or Executing Executable Files |
CAPEC-60 | Reusing Session IDs (aka Session Replay) |
CAPEC-61 | Session Fixation |
CAPEC-62 | Cross Site Request Forgery (aka Session Riding) |
CAPEC-122 | Exploitation of Authorization |
CAPEC-180 | Exploiting Incorrectly Configured Access Control Security Levels |
CAPEC-232 | Exploitation of Privilege/Trust |
CAPEC-234 | Hijacking a privileged process |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-732 | Incorrect Permission Assignment for Critical Resource (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
42398 | Invensys Wonderware InTouch NetDDE Share Permission Weakness Remote Privilege... |
Alert History
Date | Informations |
---|---|
2013-05-11 12:26:30 |
|