CVE-2015-1009
https://notcve.org/view.php?id=CVE-2015-1009
Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file. Vulnerabilidad en Schneider Electric InduSoft Web Studio en versiones anteriores a 7.1.3.5 Patch 5 y Wonderware InTouch Machine Edition hasta la versión 7.1 SP3 Patch 4, utiliza almacenamiento de contraseñas en texto plano para project-window, lo que permite a usuarios locales obtener información sensible mediante la lectura de un archivo. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-100-01 https://gcsresource.invensys.com/support/docs/_securitybulletins/Security_bulletin_LFSEC00000110.pdf https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-2005 – WonderWare SuiteLink 2.0 - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-2005
The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before 2.0 Patch 01, as used in WonderWare InTouch 8.0, allows remote attackers to cause a denial of service (NULL pointer dereference and service shutdown) and possibly execute arbitrary code via a large length value in a Registration packet to TCP port 5413, which causes a memory allocation failure. El servicio SuiteLink Service (también conocido como slssvc.exe) en WonderWare SuiteLink anterior a 2.0 Patch 01, como el usado en WonderWare InTouch 8.0, permite a atacantes remotos provocar una denegación de servicio(referencia a puntero nulo y apagado de servicio) y posiblemente ejecutar código de su elección mediante un valor de longitud largo en un paquete Registration (registro) al puerto TCP 5413, que provoca un fallo de asignación de memoria. • https://www.exploit-db.com/exploits/6474 http://secunia.com/advisories/30063 http://www.coresecurity.com/?action=item&id=2187 http://www.kb.cert.org/vuls/id/596268 http://www.securityfocus.com/archive/1/491623/100/0/threaded http://www.securityfocus.com/bid/28974 http://www.securitytracker.com/id?1019966 https://exchange.xforce.ibmcloud.com/vulnerabilities/42221 • CWE-399: Resource Management Errors •
CVE-2007-6033
https://notcve.org/view.php?id=CVE-2007-6033
Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs. Invensys Wonderware InTouch versión 8.0, crea un recurso compartido NetDDE con permisos no seguros (Everyone/Full Control), que permite a atacantes autenticados remotos, y posiblemente a usuarios anónimos, ejecutar programas arbitrarios. • http://osvdb.org/42398 http://pacwest.wonderware.com/web/News/NewsDetails.aspx?NewsThreadID=2&NewsID=201804 http://secunia.com/advisories/27751 http://www.digitalbond.com/index.php/2007/11/19/wonderware-intouch-80-netdde-vulnerability-s4-preview http://www.kb.cert.org/vuls/id/138633 http://www.securityfocus.com/bid/26496 • CWE-732: Incorrect Permission Assignment for Critical Resource •