CVE-2012-1801 - Vulnerability Details - OpenCVE

Multiple stack-based buffer overflows in (1) COM and (2) ActiveX controls in ABB WebWare Server, WebWare SDK, Interlink Module, S4 OPC Server, QuickTeach, RobotStudio S4, and RobotStudio Lite allow remote attackers to execute arbitrary code via crafted input data.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Abb	Interlink Module Quickteach Robotstudio Lite Robotstudio S4 S4 Opc Server Webware Sdk Webware Server

Configuration 1 [-]

OR	cpe:2.3:a:abb:interlink_module:-:::::::*
	cpe:2.3:a:abb:quickteach:-:::::::*
	cpe:2.3:a:abb:robotstudio_lite:-:::::::*
	cpe:2.3:a:abb:robotstudio_s4:-:::::::*
	cpe:2.3:a:abb:s4_opc_server:-:::::::*
	cpe:2.3:a:abb:webware_sdk:-:::::::*
	cpe:2.3:a:abb:webware_server:-:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/48693
http://www.securityfocus.com/bid/52888
http://www.us-cert.gov/control_systems/pdf/ICSA-12-095-01A.pdf
http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/35df9dc4a94ae83ac12579ca0043acc1/%24file/SI10231A2%20rev%200.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2012-04-18T10:00:00

Updated: 2024-08-06T19:08:38.717Z

Reserved: 2012-03-21T00:00:00

Link: CVE-2012-1801

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-04-18T10:33:35.417

Modified: 2024-11-21T01:37:48.583

Link: CVE-2012-1801

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-04-10T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in (1) COM and (2) ActiveX controls in ABB WebWare Server, WebWare SDK, Interlink Module, S4 OPC Server, QuickTeach, RobotStudio S4, and RobotStudio Lite allow remote attackers to execute arbitrary code via crafted input data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-19T19:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-095-01A.pdf"}, {"name": "48693", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48693"}, {"name": "52888", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/52888"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/35df9dc4a94ae83ac12579ca0043acc1/%24file/SI10231A2%20rev%200.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2012-1801", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple stack-based buffer overflows in (1) COM and (2) ActiveX controls in ABB WebWare Server, WebWare SDK, Interlink Module, S4 OPC Server, QuickTeach, RobotStudio S4, and RobotStudio Lite allow remote attackers to execute arbitrary code via crafted input data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-095-01A.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-095-01A.pdf"}, {"name": "48693", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48693"}, {"name": "52888", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52888"}, {"name": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/35df9dc4a94ae83ac12579ca0043acc1/$file/SI10231A2%20rev%200.pdf", "refsource": "CONFIRM", "url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/35df9dc4a94ae83ac12579ca0043acc1/$file/SI10231A2%20rev%200.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:08:38.717Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-095-01A.pdf"}, {"name": "48693", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48693"}, {"name": "52888", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/52888"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/35df9dc4a94ae83ac12579ca0043acc1/%24file/SI10231A2%20rev%200.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2012-1801", "datePublished": "2012-04-18T10:00:00", "dateReserved": "2012-03-21T00:00:00", "dateUpdated": "2024-08-06T19:08:38.717Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:abb:interlink_module:-:*:*:*:*:*:*:*", "matchCriteriaId": "E3613C59-4589-43B6-8B92-CD1D99CA5E08", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:quickteach:-:*:*:*:*:*:*:*", "matchCriteriaId": "060957B9-B811-45D0-B6C6-AA3ABD8415E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:robotstudio_lite:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDB58170-F332-442A-8470-523DAEE3C544", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:robotstudio_s4:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA154046-8D05-4D9E-A1BF-65E36D9E92C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:s4_opc_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "4F891948-4044-4D71-97E0-AB6E76830020", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:webware_sdk:-:*:*:*:*:*:*:*", "matchCriteriaId": "6C6E8AF2-2353-48A7-805A-A11D3D689F44", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:webware_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "B02E9A10-D707-44BF-B37E-A457BDF3BB88", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in (1) COM and (2) ActiveX controls in ABB WebWare Server, WebWare SDK, Interlink Module, S4 OPC Server, QuickTeach, RobotStudio S4, and RobotStudio Lite allow remote attackers to execute arbitrary code via crafted input data."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basados ??en la pila en controles (1) COM y (2) ActiveX en ABB WebWare Server SDK WebWare, M\u00f3dulo de Interlink, S4 Servidor OPC, QuickTeach, S4 RobotStudio y RobotStudio Lite permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de la entrada modificada."}], "id": "CVE-2012-1801", "lastModified": "2024-11-21T01:37:48.583", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.7, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-04-18T10:33:35.417", "references": [{"source": "cret@cert.org", "url": "http://secunia.com/advisories/48693"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/52888"}, {"source": "cret@cert.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-095-01A.pdf"}, {"source": "cret@cert.org", "url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/35df9dc4a94ae83ac12579ca0043acc1/%24file/SI10231A2%20rev%200.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48693"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52888"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-095-01A.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/35df9dc4a94ae83ac12579ca0043acc1/%24file/SI10231A2%20rev%200.pdf"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}