Details of VAR-E-201201-0656

ID

VAR-E-201201-0656

CVE

cve_id:	CVE-2011-4039	Trust: 0.3
cve_id:	CVE-2011-4038	Trust: 0.3

sources: BID: 51655

TITLE

Dream Report Multiple Remote Code Execution and Cross-Site Scripting Vulnerabilities

Trust: 0.3

sources: BID: 51655

DESCRIPTION

Dream Report is prone to a cross-site scripting vulnerability and a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied data.
Attackers can exploit these issues to execute arbitrary code in the context of the webserver, compromise the affected application, and steal cookie-based authentication credentials from legitimate users of the site. Other attacks are also possible.
These issues affect Dream Report Versions prior to 4.0.

Trust: 0.3

sources: BID: 51655

AFFECTED PRODUCTS

vendor:	ocean	model:	data systems dream reports	scope:	eq	version:	3.0	Trust: 0.3
vendor:	invensys	model:	wonderware hmi reports	scope:	eq	version:	3.42.835.0304	Trust: 0.3
vendor:	ocean	model:	data systems dream reports	scope:	ne	version:	4.0	Trust: 0.3

sources: BID: 51655

EXPLOIT

To exploit a cross-site scripting issue, an attacker must entice an unsuspecting user to follow a malicious URI.
Currently, we are not aware of any working exploits for the remote code-execution issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Trust: 0.3

sources: BID: 51655

PRICE

Free

Trust: 0.3

sources: BID: 51655

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 51655

CREDITS

Billy Rios and Terry McCorkle

Trust: 0.3

sources: BID: 51655

EXTERNAL IDS

db:	ICS CERT	id:	ICSA-12-039-01	Trust: 0.3
db:	ICS CERT	id:	ICSA-12-024-01	Trust: 0.3
db:	NVD	id:	CVE-2011-4039	Trust: 0.3
db:	NVD	id:	CVE-2011-4038	Trust: 0.3
db:	BID	id:	51655	Trust: 0.3

sources: BID: 51655

REFERENCES

url:	http://www.us-cert.gov/control_systems/pdf/icsa-12-039-01.pdf	Trust: 0.3
url:	http://www.us-cert.gov/control_systems/pdf/icsa-12-024-01.pdf	Trust: 0.3
url:	http://www.dreamreport.net/php/download/download.php?lang=en	Trust: 0.3

sources: BID: 51655

SOURCES

db:

BID

id:

51655

LAST UPDATE DATE

2022-07-27T09:27:47.144000+00:00

SOURCES UPDATE DATE

db:

BID

id:

51655

date:

2012-02-08T19:00:00

SOURCES RELEASE DATE

db:

BID

id:

51655

date:

2012-01-24T00:00:00