Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3005

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2012-3005
Last Modified 30 Jul 2012 12:00:00
Published 26 Jul 2012 06:41:47
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3005

Summary

Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/SCADA, InBatch, and Wonderware Historian, allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

Vulnerable Systems

Application

  • Invensys Foxboro Control Software 3.1

  • Invensys Foxboro Control Software 4.0

  • Invensys Infusion Ce%2ffe%2fscada 2.5

  • Invensys Intouch 2012

  • Invensys Intouch%2fwonderware Application Server 10.0

  • Invensys Intouch%2fwonderware Application Server 10.5

  • Invensys Intouch%2fwonderware Application Server 2012

  • Invensys Wonderware Historian 10.0

  • Invensys Wonderware Inbatch 9.5

  • Invensys Wonderware Information Server 3.1

  • Invensys Wonderware Information Server 4.0

  • Invensys Wonderware Information Server 4.5


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-12-177-02.pdf


Last Updated: 27 May 2016 10:54:58