VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis



 
Vulnerability Analysis Result (Revision No : 1)
CVE-2010-2974
wonderware_application_server, wonderware_archestra_configuration_access_componen...: Stack-based buffer overflow in the IConfigurationAc...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2974

Original

Stack-based buffer overflow in the IConfigurationAccess interface in the Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control in Wonderware Application Server (WAS) before 3.1 SP2 P01, as used in the Wonderware Archestra Integrated Development Environment (IDE) and the InFusion Integrated Engineering Environment (IEE), allows remote attackers to execute arbitrary code via the first argument to the UnsubscribeData method.






About This Analysis Information
Analysis Information Provider: NIST NVD
First Published: 2010-08-05
Source Information Category: Advisory, Alert
Last Updated: 2010-08-06




Affected Product Tags
cpe:/a:invensys:infusion_integrated_engineering_environment
cpe:/a:invensys:wonderware_application_server:2.0
cpe:/a:invensys:wonderware_application_server:2.1
cpe:/a:invensys:wonderware_application_server:3.0
cpe:/a:invensys:wonderware_application_server:3.1
cpe:/a:invensys:wonderware_application_server:3.1:sp1
cpe:/a:invensys:wonderware_application_server:3.1:sp2 and previous versions
cpe:/a:invensys:wonderware_archestra_configuration_access_component_activex_control
cpe:/a:invensys:wonderware_archestra_integrated_development_environment
 


Vulnerability Analysis Results
[Access Vector]
Undefined
Local
Adjacent Network
X Network

[Access Complexity]
Undefined
High
X Medium
Low

[Authentication]
Undefined
Multiple
Single
X None

[Confidentiality Impact]
Undefined
None
Partial
X Complete

[Integrity Impact]
Undefined
None
Partial
X Complete

[Availability Impact]
Undefined
None
Partial
X Complete

Alternatives




References
VU#703189
CONFIRM https://wdnresource.wonderware.com/support/kbcd/html/1/t002492.htm
CONFIRM http://www.pacwest.wonderware.com/web/News/NewsDetails.aspx?NewsID=203108
CONFIRM http://www.kb.cert.org/vuls/id/MORO-87MHPT

Vulnerability Type: Buffer Errors (CWE-119)





Copyright © 2010 JPCERT/CC All Rights Reserved.