CVE-2012-3005 - Vulnerability Details - OpenCVE

Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/SCADA, InBatch, and Wonderware Historian, allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Invensys	Foxboro Control Software Infusion Ce\/fe\/scada Intouch Intouch\/wonderware Application Server Wonderware Historian Wonderware Inbatch Wonderware Information Server

Configuration 1 [-]

OR	cpe:2.3:a:invensys:foxboro_control_software:3.1:::::::*
	cpe:2.3:a:invensys:foxboro_control_software:4.0:::::::*
	cpe:2.3:a:invensys:infusion_ce\/fe\/scada::::::::
	cpe:2.3:a:invensys:intouch::::::::
	cpe:2.3:a:invensys:intouch\/wonderware_application_server::::::::
	cpe:2.3:a:invensys:intouch\/wonderware_application_server:10.0:::::::*
	cpe:2.3:a:invensys:intouch\/wonderware_application_server:10.5:::::::*
	cpe:2.3:a:invensys:wonderware_historian::sp1::::::*
	cpe:2.3:a:invensys:wonderware_historian:10.0:::::::*
	cpe:2.3:a:invensys:wonderware_inbatch::sp1::::::*
	cpe:2.3:a:invensys:wonderware_information_server::::::::
	cpe:2.3:a:invensys:wonderware_information_server:3.1:::::::*
	cpe:2.3:a:invensys:wonderware_information_server:4.0:::::::*
	cpe:2.3:a:invensys:wonderware_information_server:4.0:sp1::::::

No data.

References

Link	Providers
http://www.us-cert.gov/control_systems/pdf/ICSA-12-177-02.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2012-07-26T10:00:00Z

Updated: 2024-09-17T03:58:58.880Z

Reserved: 2012-05-30T00:00:00Z

Link: CVE-2012-3005

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-07-26T10:41:47.747

Modified: 2024-11-21T01:40:06.403

Link: CVE-2012-3005

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/SCADA, InBatch, and Wonderware Historian, allows local users to gain privileges via a Trojan horse DLL in an unspecified directory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-07-26T10:00:00Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-177-02.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2012-3005", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/SCADA, InBatch, and Wonderware Historian, allows local users to gain privileges via a Trojan horse DLL in an unspecified directory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-177-02.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-177-02.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:50:05.353Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-177-02.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2012-3005", "datePublished": "2012-07-26T10:00:00Z", "dateReserved": "2012-05-30T00:00:00Z", "dateUpdated": "2024-09-17T03:58:58.880Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:invensys:foxboro_control_software:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8066239-FE54-49DD-8D55-E4681BED297F", "vulnerable": true}, {"criteria": "cpe:2.3:a:invensys:foxboro_control_software:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "54861639-8E21-4E67-B776-8A1024657457", "vulnerable": true}, {"criteria": "cpe:2.3:a:invensys:infusion_ce\\/fe\\/scada:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AC4B215-533F-4950-9D81-711F1B669A22", "versionEndIncluding": "2.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:invensys:intouch:*:*:*:*:*:*:*:*", "matchCriteriaId": "510DAA85-68A1-4BAF-BC27-18D71BD06F97", "versionEndIncluding": "2012", "vulnerable": true}, {"criteria": "cpe:2.3:a:invensys:intouch\\/wonderware_application_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "255276F6-6C83-4A5D-98B9-7ABD831236BA", "versionEndIncluding": "2012", "vulnerable": true}, {"criteria": "cpe:2.3:a:invensys:intouch\\/wonderware_application_server:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "337B2BEC-029A-491F-8E91-74AE7595CBAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:invensys:intouch\\/wonderware_application_server:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "0221FC49-8A68-4A22-AB09-BF7CC236DC25", "vulnerable": true}, {"criteria": "cpe:2.3:a:invensys:wonderware_historian:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "39F227E3-8B8E-4B21-98F4-DDABBE370B27", "versionEndIncluding": "10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:invensys:wonderware_historian:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "5579D221-3F63-480C-A439-B68E94EF0B95", "vulnerable": true}, {"criteria": "cpe:2.3:a:invensys:wonderware_inbatch:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "47BB631F-51B7-447B-8E03-ECDB9C3EEFE7", "versionEndIncluding": "9.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:invensys:wonderware_information_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "C4265378-CF22-42AC-B63C-73F96507E680", "versionEndIncluding": "4.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:invensys:wonderware_information_server:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "262CBEB8-A6EA-48DE-B5A5-460660F33442", "vulnerable": true}, {"criteria": "cpe:2.3:a:invensys:wonderware_information_server:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC154F44-2618-4AD5-B252-98E521F98CEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:invensys:wonderware_information_server:4.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "325DE4D6-7649-4566-BC6E-1F8DC16FF1A9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/SCADA, InBatch, and Wonderware Historian, allows local users to gain privileges via a Trojan horse DLL in an unspecified directory."}, {"lang": "es", "value": "Una vulnerabilidad de ruta de b\u00fasqueda no confiable en Invensys Wonderware InTouch 2012 y anteriores, tal como se utiliza en el servidor de aplicaciones Wonderware, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/SCADA, InBatch y Wonderware Historian, permite a usuarios locales conseguir privilegios a trav\u00e9s de un DLL troyano en un directorio no especificado.\r\n"}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n'CWE-426: Untrusted Search Path'", "id": "CVE-2012-3005", "lastModified": "2024-11-21T01:40:06.403", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-07-26T10:41:47.747", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-177-02.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-177-02.pdf"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}