
CVSS: 9.3 EPSS: 82% CPEs: 5 EXPL: 1

Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Thin Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ISSymbol.ocx ActiveX component.

• https://www.exploit-db.com/exploits/23500 http://ics-cert.us-cert.gov/advisories/ICSA-12-249-03 http://secunia.com/advisories/42928 http://secunia.com/advisories/43116 http://secunia.com/secunia_research/2011-36 http://secunia.com/secunia_research/2011-37 http://www.advantechdirect.com/eMarketingPrograms/AStudio_Patch/AStudio7.0_Patch_Final.htm http://www.indusoft.com/hotfixes/hotfixes.php http://www.securityfocus.com/bid/47596 http://www.us-cert.gov/control_systems/pdf/ICS

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 EPSS: 31% CPEs: 2 EXPL: 0

Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio 6.1 and InduSoft Web Studio 7.0, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long request to TCP port 80.

• http://downloadt.advantech.com/download/downloadsr.aspx?File_Id=1-I1D7QD http://secunia.com/advisories/42883 http://secunia.com/advisories/42903 http://www.advantechdirect.com/emarketingprograms/AStudio_Patch/AStudio_Patch.htm http://www.indusoft.com/blog/?p=337 http://www.kb.cert.org/vuls/id/506864 http://www.osvdb.org/70396 http://www.securityfocus.com/bid/45783 http://www.us-cert.gov/control_systems/pdf/ICSA-10-337-01.pdf http://www.vupen.com/english/advisories/

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 EPSS: 0% CPEs: 14 EXPL: 0

The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remote attackers to obtain access through an HTTP session, and (1) monitor or (2) control the module's Modbus/TCP I/O activity.

• http://ruxcon.org.au/files/2008/SIFT-Ruxcon2008-SCADA-Hacking-Modbus-Enabled-Devices.pdf http://support.advantech.com.tw/support/DownloadSRDetail.aspx?SR_ID=1-95WMW http://www.ruxcon.org.au/presentations.shtml#13

• CWE-255: Credentials Management Errors