CVE-2010-2974
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Stack-based buffer overflow in the IConfigurationAccess interface in the Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control in Wonderware Application Server (WAS) before 3.1 SP2 P01, as used in the Wonderware Archestra Integrated Development Environment (IDE) and the InFusion Integrated Engineering Environment (IEE), allows remote attackers to execute arbitrary code via the first argument to the UnsubscribeData method.
Desbordamiento de búfer basado en pila en la interfaz IConfigurationAccess en el control ActiveX Invensys Wonderware Archestra ConfigurationAccessComponent de Wonderware Application Server (WAS) anterior a v3.1 SP2 P01, como el usado en el Wonderware Archestra Integrated Development Environment (IDE) y el InFusion Integrated Engineering Environment (IEE), permite a los atacantes remotos ejecutar código a su elección a través del primer argumento del método UnsubscribeData.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-08-05 CVE Reserved
- 2010-08-05 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.kb.cert.org/vuls/id/703189 | Third Party Advisory |
|
| http://www.kb.cert.org/vuls/id/MORO-87MHPT | X_refsource_confirm |
|
| https://wdnresource.wonderware.com/support/kbcd/html/1/t002492.htm | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.pacwest.wonderware.com/web/News/NewsDetails.aspx?NewsID=203108 | 2010-08-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Invensys Search vendor "Invensys" | Wonderware Archestra Configuration Access Component Activex Control Search vendor "Invensys" for product "Wonderware Archestra Configuration Access Component Activex Control" | * | - |
Affected
| in | Invensys Search vendor "Invensys" | Infusion Integrated Engineering Environment Search vendor "Invensys" for product "Infusion Integrated Engineering Environment" | * | - |
Safe
|
| Invensys Search vendor "Invensys" | Wonderware Archestra Configuration Access Component Activex Control Search vendor "Invensys" for product "Wonderware Archestra Configuration Access Component Activex Control" | * | - |
Affected
| in | Invensys Search vendor "Invensys" | Wonderware Application Server Search vendor "Invensys" for product "Wonderware Application Server" | <= 3.1 Search vendor "Invensys" for product "Wonderware Application Server" and version " <= 3.1" | sp2 |
Affected
|
| Invensys Search vendor "Invensys" | Wonderware Archestra Configuration Access Component Activex Control Search vendor "Invensys" for product "Wonderware Archestra Configuration Access Component Activex Control" | * | - |
Affected
| in | Invensys Search vendor "Invensys" | Wonderware Application Server Search vendor "Invensys" for product "Wonderware Application Server" | 2.0 Search vendor "Invensys" for product "Wonderware Application Server" and version "2.0" | - |
Affected
|
| Invensys Search vendor "Invensys" | Wonderware Archestra Configuration Access Component Activex Control Search vendor "Invensys" for product "Wonderware Archestra Configuration Access Component Activex Control" | * | - |
Affected
| in | Invensys Search vendor "Invensys" | Wonderware Application Server Search vendor "Invensys" for product "Wonderware Application Server" | 2.1 Search vendor "Invensys" for product "Wonderware Application Server" and version "2.1" | - |
Affected
|
| Invensys Search vendor "Invensys" | Wonderware Archestra Configuration Access Component Activex Control Search vendor "Invensys" for product "Wonderware Archestra Configuration Access Component Activex Control" | * | - |
Affected
| in | Invensys Search vendor "Invensys" | Wonderware Application Server Search vendor "Invensys" for product "Wonderware Application Server" | 3.0 Search vendor "Invensys" for product "Wonderware Application Server" and version "3.0" | - |
Affected
|
| Invensys Search vendor "Invensys" | Wonderware Archestra Configuration Access Component Activex Control Search vendor "Invensys" for product "Wonderware Archestra Configuration Access Component Activex Control" | * | - |
Affected
| in | Invensys Search vendor "Invensys" | Wonderware Application Server Search vendor "Invensys" for product "Wonderware Application Server" | 3.1 Search vendor "Invensys" for product "Wonderware Application Server" and version "3.1" | - |
Affected
|
| Invensys Search vendor "Invensys" | Wonderware Archestra Configuration Access Component Activex Control Search vendor "Invensys" for product "Wonderware Archestra Configuration Access Component Activex Control" | * | - |
Affected
| in | Invensys Search vendor "Invensys" | Wonderware Application Server Search vendor "Invensys" for product "Wonderware Application Server" | 3.1 Search vendor "Invensys" for product "Wonderware Application Server" and version "3.1" | sp1 |
Affected
|
| Invensys Search vendor "Invensys" | Wonderware Archestra Configuration Access Component Activex Control Search vendor "Invensys" for product "Wonderware Archestra Configuration Access Component Activex Control" | * | - |
Affected
| in | Invensys Search vendor "Invensys" | Wonderware Archestra Integrated Development Environment Search vendor "Invensys" for product "Wonderware Archestra Integrated Development Environment" | * | - |
Safe
|