CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2011-4038
https://notcve.org/view.php?id=CVE-2011-4038
Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Invensys Wonderware HMI Reports 3.42.835.0304 y anteriores, como el usado en Ocean Data Systems Dream Report anteriores a v4.0 y otros programas, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de parámetros no especificados. • http://secunia.com/advisories/47742 http://secunia.com/advisories/47933 http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 2%CPEs: 5EXPL: 0CVE-2011-4039
https://notcve.org/view.php?id=CVE-2011-4039
Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access violation." Invensys Wonderware HMI Reports v3.42.835.0304 y anteriores, como el usado en Ocean Data Systems Dream Report anteriores a v4.0 y otros productos permiten a atacantes remotos asistidos por usuarios, ejecutar código de su elección mediante un fichero defectuoso que provocará una "write access violation.". • http://secunia.com/advisories/47742 http://secunia.com/advisories/47933 http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 3%CPEs: 5EXPL: 0CVE-2011-4870
https://notcve.org/view.php?id=CVE-2011-4870
Multiple buffer overflows in the (1) GUIControls, (2) BatchObjSrv, and (3) BatchSecCtrl ActiveX controls in Invensys Wonderware InBatch 9.0 and 9.0 SP1, and InBatch 8.1 SP1, 9.0 SP2, and 9.5 Server and Runtime Clients, allow remote attackers to execute arbitrary code via a long string in a property value, a different issue than CVE-2011-3141. Múltiples desbordamientos de búfer en los controles ActiveX (1) GUIControls, (2) BatchObjSrv, y (3) BatchSecCtrl en Invensys Wonderware InBatch v9.0 y v9.0 SP1 asi como en InBatch v8.1 SP1, v9.0 SP2 y v9.5 Server. Tambien en los clientes en tiempo de ejecución. Estos desbordamientos de búfer permiten a atacantes remotos ejecutar código de su elección a través de una cadena demasiado larga en el valor de una propiedad. Se trata de un problema diferente a CVE-2011-3141. • http://www.securityfocus.com/bid/51129 http://www.us-cert.gov/control_systems/pdf/ICSA-11-332-01A.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 3%CPEs: 3EXPL: 0CVE-2011-3141
https://notcve.org/view.php?id=CVE-2011-3141
Buffer overflow in the InBatch BatchField ActiveX control for Invensys Wonderware InBatch 8.1 SP1, 9.0, and 9.0 SP1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. Desbordamiento de buffer en el control ActiveX InBatch BatchField de Invensys Wonderware InBatch 8.1 SP1, 9.0 y 9.0 SP1 permite a atacantes remotos provoar una denegación de servicio (caída) y posiblemente ejecutar código malicioso a través de vectores sin especificar. • http://iom.invensys.com/EN/pdfLibrary/Final.Tech.Alert.141.pdf http://secunia.com/advisories/44336 http://www.osvdb.org/72182 http://www.us-cert.gov/control_systems/pdf/ICSA-11-094-01.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 3%CPEs: 3EXPL: 0CVE-2011-2962
https://notcve.org/view.php?id=CVE-2011-2962
Multiple stack-based buffer overflows in Invensys Wonderware Information Server 3.1, 4.0, and 4.0 SP1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via two unspecified ActiveX controls. Múltiples desbordamientos de búfer basado en la pila en Invensys Wonderware Information Server v3.1, v4.0 y v4.0 SP1 permiten a atacantes remotos causar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código de su elección a través de dos controles ActiveX no especificados. • http://secunia.com/advisories/45476 http://www.securityfocus.com/bid/48976 http://www.us-cert.gov/control_systems/pdf/ICSA-11-195-01.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/68988 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •