CVE-2011-4039

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access violation."

Invensys Wonderware HMI Reports v3.42.835.0304 y anteriores, como el usado en Ocean Data Systems Dream Report anteriores a v4.0 y otros productos permiten a atacantes remotos asistidos por usuarios, ejecutar código de su elección mediante un fichero defectuoso que provocará una "write access violation.".

*Credits: N/A

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-10-13 CVE Reserved
2012-02-10 CVE Published
2024-09-16 CVE Updated
2024-09-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (4)

URL	Tag	Source
http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf	Us Government Resource
http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf	Us Government Resource

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/47742	2012-02-14
http://secunia.com/advisories/47933	2012-02-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Dreamreport Search vendor "Dreamreport"		Dream Report Search vendor "Dreamreport" for product "Dream Report"				<= 3.43 Search vendor "Dreamreport" for product "Dream Report" and version " <= 3.43"		-		Affected
Dreamreport Search vendor "Dreamreport"		Dream Report Search vendor "Dreamreport" for product "Dream Report"				3.21 Search vendor "Dreamreport" for product "Dream Report" and version "3.21"		-		Affected
Dreamreport Search vendor "Dreamreport"		Dream Report Search vendor "Dreamreport" for product "Dream Report"				3.41 Search vendor "Dreamreport" for product "Dream Report" and version "3.41"		-		Affected
Dreamreport Search vendor "Dreamreport"		Dream Report Search vendor "Dreamreport" for product "Dream Report"				3.42 Search vendor "Dreamreport" for product "Dream Report" and version "3.42"		-		Affected
Invensys Search vendor "Invensys"		Wonderware Hmi Reports Search vendor "Invensys" for product "Wonderware Hmi Reports"				<= 3.42.835.0304 Search vendor "Invensys" for product "Wonderware Hmi Reports" and version " <= 3.42.835.0304"		-		Affected