5 results (0.004 seconds)

CVSS: 7.1EPSS: 0%CPEs: 40EXPL: 0

This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service. Esta vulnerabilidad de control externo, si se explota, podría permitir que un usuario local autenticado en el sistema operativo con privilegios estándar elimine archivos con privilegios de sistema en la máquina donde están instalados estos productos, lo que resultaría en una denegación de servicio. • https://www.aveva.com/en/support-and-success/cyber-security-updates https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0

This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine. Esta vulnerabilidad de escalada de privilegios, si se explota, en la nube permite que un usuario local autenticado en el sistema operativo con privilegios estándar escale a privilegios del sistema en la máquina donde están instalados estos productos, lo que resulta en un compromiso total de la máquina de destino. • https://www.aveva.com/en/support-and-success/cyber-security-updates https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01 • CWE-250: Execution with Unnecessary Privileges •

CVSS: 6.9EPSS: 0%CPEs: 14EXPL: 0

Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/SCADA, InBatch, and Wonderware Historian, allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. Una vulnerabilidad de ruta de búsqueda no confiable en Invensys Wonderware InTouch 2012 y anteriores, tal como se utiliza en el servidor de aplicaciones Wonderware, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/SCADA, InBatch y Wonderware Historian, permite a usuarios locales conseguir privilegios a través de un DLL troyano en un directorio no especificado. • http://www.us-cert.gov/control_systems/pdf/ICSA-12-177-02.pdf •

CVSS: 6.8EPSS: 4%CPEs: 12EXPL: 0

Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Information Server 4.5 and earlier, ArchestrA Application Object Toolkit 3.2 and earlier, and InTouch 10.0 through 10.5 might allow remote attackers to execute arbitrary code via a long string to the Open member, leading to a function-pointer overwrite. Desbordamiento de búfer basado en memoria dinámica en el componente ActiveX WWCabFile en Wonderware System Platform en Invensys Wonderware Application Server 2012 y anteriores, Foxboro Control Software v3.1 y anteriores, InFusion CE/FE/SCADA v2.5 y anteriores, Wonderware Information Server v4.5 y anteriores, ArchestrA Application Object Toolkit v3.2 y anteriores, y InTouch v10.0 hasta v10.5 ,permite a atacantes remotos ejecutar código arbitrario a través de una cadena larga sobre el miembro Open, provocando una sobrescritura de un puntero a función. • http://osvdb.org/80891 http://secunia.com/advisories/48675 http://www.us-cert.gov/control_systems/pdf/ICSA-12-081-01.pdf https://wdnresource.wonderware.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000071.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 4%CPEs: 12EXPL: 0

Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Information Server 4.5 and earlier, ArchestrA Application Object Toolkit 3.2 and earlier, and InTouch 10.0 through 10.5 might allow remote attackers to execute arbitrary code via a long string to the AddFile member. Desbordamiento de búfer basado en memoria dinámica en el componente ActiveX WWCabFile en Wonderware System Platform en Invensys Wonderware Application Server 2012 y anteriores, Foxboro Control Software v3.1 y anteriores, InFusion CE/FE/SCADA v2.5 y anteriores, Wonderware Information Server v4.5 y anteriores, ArchestrA Application Object Toolkit v3.2 y anteriores, y InTouch v10.0 hasta v10.5 ,permite a atacantes remotos ejecutar código arbitrario a través de una cadena larga sobre el miembro Addfile. • http://osvdb.org/80891 http://secunia.com/advisories/48675 http://www.us-cert.gov/control_systems/pdf/ICSA-12-081-01.pdf https://wdnresource.wonderware.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000071.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •