Executive Summary
Summary | |
---|---|
Title | Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control stack buffer overflow |
Informations | |||
---|---|---|---|
Name | VU#703189 | First vendor Publication | 2010-08-04 |
Vendor | VU-CERT | Last vendor Modification | 2010-08-05 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#703189Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control stack buffer overflowOverviewThe Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control contains a stack buffer overflow that could allow a remote attacker to execute arbitrary code on an affected systemI. DescriptionThe Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control, ConfigurationAccessComponent.dll, used by the Wonderware Archestra IDE (Integrated Development Environment) and the InFusion IEE (Integrated Engineering Environment) contains a stack buffer overflow vulnerability.The UnsubscribeData method of the IConfigurationAccess interface useswcscpy() to copy its first parameter into a static sized local buffer. According to Invensys, users that are using IAS 2.1 (all versions)-IDE, WAS 3.0 (all versions)-IDE, WAS 3.1 (all versions)-IDE, InFusion CE 2.0-IEE, InFusion FE 1.0 (all versions)-IEE, InFusion FE 2.0-IEE, InFusion SCADA 2.0–IEE should apply the vendor security update. This vulnerability is not present in Wonderware Application Server 3.1 Service Pack 2 Patch 01 (WAS 3.1 SP2 P01).
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{55414847-A533-4642-8E92-76B191B24B87}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftInternet ExplorerActiveX Compatibility{55414847-A533-4642-8E92-76B191B24B87}] "Compatibility Flags"=dword:00000400 Disabling ActiveX controls in the Internet Zone (or any zone used by an attacker) appears to prevent exploitation of this and other ActiveX vulnerabilities. Instructions for disabling ActiveX in the Internet Zone can be found in the "Securing Your Web Browser" document. Enter URLs manually Do not click on URLs from untrusted sources such as unsolicited email or instant messages. Type URLs or use trusted bookmarks for sensitive sites. Vendor Information
ReferencesInformation from Invensys and IOActive was used in this document. This document was written by Michael Orlando.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/703189 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
66883 | Invensys Wonderware Application Server Archestra ConfigurationAccessComponent... |
Snort® IPS/IDS
Date | Description |
---|---|
2017-05-04 | Invensys Wonderware Archestra ActiveX clsid access attempt RuleID : 42125 - Revision : 2 - Type : BROWSER-PLUGINS |
2017-05-04 | Invensys Wonderware Archestra ActiveX clsid access attempt RuleID : 42124 - Revision : 2 - Type : BROWSER-PLUGINS |
2017-05-04 | Invensys Wonderware Archestra ActiveX clsid access attempt RuleID : 42123 - Revision : 2 - Type : BROWSER-PLUGINS |
2017-05-04 | Invensys Wonderware Archestra ActiveX clsid access attempt RuleID : 42122 - Revision : 2 - Type : BROWSER-PLUGINS |