Details of VAR-201008-0279

ID

VAR-201008-0279

CVE

CVE-2010-2974

TITLE

Wonderware Archestra ConfigurationAccessComponent Stack Buffer Overflow Vulnerability

Trust: 1.3

sources: IVD: 46bcfbba-1fb2-11e6-abef-000c29c66e3d // IVD: 7d722f70-463f-11e9-b02f-000c29342cb1 // CNVD: CNVD-2010-1498 // BID: 42184

DESCRIPTION

Stack-based buffer overflow in the IConfigurationAccess interface in the Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control in Wonderware Application Server (WAS) before 3.1 SP2 P01, as used in the Wonderware Archestra Integrated Development Environment (IDE) and the InFusion Integrated Engineering Environment (IEE), allows remote attackers to execute arbitrary code via the first argument to the UnsubscribeData method. Wonderware Archestra ConfigurationAccessComponent ActiveX The control contains a buffer overflow vulnerability. The UnsubscribeData method of the IConfigurationAccess interface privately wcscpy() copies the first parameter to the static size buffer, which can trigger a buffer overflow. Successful exploitation of a vulnerability can execute arbitrary instructions with application privileges. Wonderware Archestra ConfigurationAccessComponent ActiveX control is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Failed attempts will likely result in denial-of-service conditions. The vulnerable ActiveX control is included in the following products: Wonderware Application Server prior to 3.1 Service Pack 2 Patch 01

Trust: 4.5

sources: NVD: CVE-2010-2974 // CERT/CC: VU#703189 // JVNDB: JVNDB-2010-004992 // JVNDB: JVNDB-2010-001891 // CNVD: CNVD-2010-1498 // BID: 42184 // IVD: 46bcfbba-1fb2-11e6-abef-000c29c66e3d // IVD: 7d722f70-463f-11e9-b02f-000c29342cb1 // IVD: 00d1a20c-2356-11e6-abef-000c29c66e3d // VULHUB: VHN-45579

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.2

sources: IVD: 46bcfbba-1fb2-11e6-abef-000c29c66e3d // IVD: 7d722f70-463f-11e9-b02f-000c29342cb1 // IVD: 00d1a20c-2356-11e6-abef-000c29c66e3d // CNVD: CNVD-2010-1498

AFFECTED PRODUCTS

vendor:	invensys	model:	wonderware application server	scope:	eq	version:	3.1	Trust: 1.6
vendor:	invensys	model:	wonderware archestra configuration access component activex control	scope:	-	version:	-	Trust: 1.6
vendor:	invensys	model:	wonderware application server	scope:	eq	version:	3.0	Trust: 1.2
vendor:	invensys	model:	wonderware application server	scope:	eq	version:	2.1	Trust: 1.2
vendor:	invensys	model:	wonderware application server	scope:	eq	version:	2.0	Trust: 1.2
vendor:	invensys	model:	wonderware application server	scope:	lte	version:	3.1	Trust: 1.0
vendor:	invensys	model:	wonderware archestra configuration access component activex control	scope:	eq	version:	*	Trust: 1.0
vendor:	wonderware application server	model:	-	scope:	eq	version:	3.1	Trust: 0.8
vendor:	invensys	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	invensys	model:	wonderware application server	scope:	lt	version:	3.1 sp2 p01	Trust: 0.8
vendor:	invensys	model:	wonderware application server	scope:	lt	version:	3.1 service pack 2 patch 01 earlier	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	4.x	Trust: 0.6
vendor:	wonderware archestra configuration access component activex control	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	infusion integrated engineering environment	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	wonderware application server	model:	-	scope:	eq	version:	2.0	Trust: 0.4
vendor:	wonderware application server	model:	-	scope:	eq	version:	2.1	Trust: 0.4
vendor:	wonderware application server	model:	-	scope:	eq	version:	3.0	Trust: 0.4
vendor:	wonderware application server	model:	-	scope:	lte	version:	<=3.1	Trust: 0.4
vendor:	wonderware archestra integrated environment	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	invensys	model:	wonderware application server	scope:	lte	version:	<=3.1	Trust: 0.2

sources: IVD: 46bcfbba-1fb2-11e6-abef-000c29c66e3d // IVD: 7d722f70-463f-11e9-b02f-000c29342cb1 // IVD: 00d1a20c-2356-11e6-abef-000c29c66e3d // CERT/CC: VU#703189 // CNVD: CNVD-2010-1498 // JVNDB: JVNDB-2010-004992 // JVNDB: JVNDB-2010-001891 // CNNVD: CNNVD-201008-052 // NVD: CVE-2010-2974

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-2974
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#703189
value:	5.06
Trust: 0.8
NVD:	CVE-2010-2974
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201008-052
value:	CRITICAL
Trust: 0.6
IVD:	46bcfbba-1fb2-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
IVD:	7d722f70-463f-11e9-b02f-000c29342cb1
value:	CRITICAL
Trust: 0.2
IVD:	00d1a20c-2356-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-45579
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2010-2974
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	46bcfbba-1fb2-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	7d722f70-463f-11e9-b02f-000c29342cb1
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	00d1a20c-2356-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-45579
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 46bcfbba-1fb2-11e6-abef-000c29c66e3d // IVD: 7d722f70-463f-11e9-b02f-000c29342cb1 // IVD: 00d1a20c-2356-11e6-abef-000c29c66e3d // CERT/CC: VU#703189 // VULHUB: VHN-45579 // JVNDB: JVNDB-2010-004992 // CNNVD: CNNVD-201008-052 // NVD: CVE-2010-2974

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-45579 // JVNDB: JVNDB-2010-004992 // NVD: CVE-2010-2974

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201008-052

TYPE

Buffer overflow

Trust: 1.2

sources: IVD: 46bcfbba-1fb2-11e6-abef-000c29c66e3d // IVD: 7d722f70-463f-11e9-b02f-000c29342cb1 // IVD: 00d1a20c-2356-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201008-052

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-004992

PATCH

title:	Top page	url:	http://wonderwarepacwest.com/	Trust: 0.8
title:	Top Page	url:	http://support.ips.invensys.com/	Trust: 0.8

sources: JVNDB: JVNDB-2010-004992 // JVNDB: JVNDB-2010-001891

EXTERNAL IDS

db:	CERT/CC	id:	VU#703189	Trust: 5.0
db:	NVD	id:	CVE-2010-2974	Trust: 3.4
db:	CNNVD	id:	CNNVD-201008-052	Trust: 1.3
db:	CNVD	id:	CNVD-2010-1498	Trust: 1.0
db:	BID	id:	42184	Trust: 1.0
db:	JVNDB	id:	JVNDB-2010-004992	Trust: 0.8
db:	JVNDB	id:	JVNDB-2010-001891	Trust: 0.8
db:	ICS CERT ALERT	id:	ICS-ALERT-11-230-01	Trust: 0.3
db:	IVD	id:	46BCFBBA-1FB2-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	7D722F70-463F-11E9-B02F-000C29342CB1	Trust: 0.2
db:	IVD	id:	00D1A20C-2356-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-45579	Trust: 0.1

sources: IVD: 46bcfbba-1fb2-11e6-abef-000c29c66e3d // IVD: 7d722f70-463f-11e9-b02f-000c29342cb1 // IVD: 00d1a20c-2356-11e6-abef-000c29c66e3d // CERT/CC: VU#703189 // CNVD: CNVD-2010-1498 // VULHUB: VHN-45579 // BID: 42184 // JVNDB: JVNDB-2010-004992 // JVNDB: JVNDB-2010-001891 // CNNVD: CNNVD-201008-052 // NVD: CVE-2010-2974

REFERENCES

url:	http://www.kb.cert.org/vuls/id/703189	Trust: 4.2
url:	http://www.pacwest.wonderware.com/web/news/newsdetails.aspx?newsid=203108	Trust: 2.0
url:	http://www.kb.cert.org/vuls/id/moro-87mhpt	Trust: 1.7
url:	https://wdnresource.wonderware.com/support/kbcd/html/1/t002492.htm	Trust: 1.7
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://wdn.wonderware.com(registrationrequired).http://support.ips.invensys.com(registrationrequired).http://www.pacwest.wonderware.com/web/news/newsdetails.aspx?newsid=203108https://wdnresource.wonderware.com/support/kbcd/html/1/t002492.htm(registrationrequired)	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2974	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2974	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu703189	Trust: 0.8
url:	http://www.kb.cert.org/cert_web/services/vul-notes.nsf/6eacfaeab94596f5852569290066a50b/b96f3df70ef05a8f85257775004f739a	Trust: 0.8
url:	http://support.microsoft.com/kb/240797	Trust: 0.3
url:	http://www.us-cert.gov/control_systems/pdf/ics-alert-11-230-01.pdf	Trust: 0.3

sources: CERT/CC: VU#703189 // CNVD: CNVD-2010-1498 // VULHUB: VHN-45579 // BID: 42184 // JVNDB: JVNDB-2010-004992 // JVNDB: JVNDB-2010-001891 // CNNVD: CNNVD-201008-052 // NVD: CVE-2010-2974

CREDITS

IOActive

Trust: 0.3

sources: BID: 42184

SOURCES

db:	IVD	id:	46bcfbba-1fb2-11e6-abef-000c29c66e3d
db:	IVD	id:	7d722f70-463f-11e9-b02f-000c29342cb1
db:	IVD	id:	00d1a20c-2356-11e6-abef-000c29c66e3d
db:	CERT/CC	id:	VU#703189
db:	CNVD	id:	CNVD-2010-1498
db:	VULHUB	id:	VHN-45579
db:	BID	id:	42184
db:	JVNDB	id:	JVNDB-2010-004992
db:	JVNDB	id:	JVNDB-2010-001891
db:	CNNVD	id:	CNNVD-201008-052
db:	NVD	id:	CVE-2010-2974

LAST UPDATE DATE

2025-04-11T22:59:27.093000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#703189	date:	2010-08-05T00:00:00
db:	CNVD	id:	CNVD-2010-1498	date:	2010-08-06T00:00:00
db:	VULHUB	id:	VHN-45579	date:	2010-08-09T00:00:00
db:	BID	id:	42184	date:	2011-08-19T17:10:00
db:	JVNDB	id:	JVNDB-2010-004992	date:	2012-09-25T00:00:00
db:	JVNDB	id:	JVNDB-2010-001891	date:	2010-08-30T00:00:00
db:	CNNVD	id:	CNNVD-201008-052	date:	2011-07-29T00:00:00
db:	NVD	id:	CVE-2010-2974	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	IVD	id:	46bcfbba-1fb2-11e6-abef-000c29c66e3d	date:	2010-08-06T00:00:00
db:	IVD	id:	7d722f70-463f-11e9-b02f-000c29342cb1	date:	2010-08-06T00:00:00
db:	IVD	id:	00d1a20c-2356-11e6-abef-000c29c66e3d	date:	2010-08-09T00:00:00
db:	CERT/CC	id:	VU#703189	date:	2010-08-04T00:00:00
db:	CNVD	id:	CNVD-2010-1498	date:	2010-08-06T00:00:00
db:	VULHUB	id:	VHN-45579	date:	2010-08-05T00:00:00
db:	BID	id:	42184	date:	2010-08-04T00:00:00
db:	JVNDB	id:	JVNDB-2010-004992	date:	2012-09-25T00:00:00
db:	JVNDB	id:	JVNDB-2010-001891	date:	2010-08-30T00:00:00
db:	CNNVD	id:	CNNVD-201008-052	date:	2010-08-09T00:00:00
db:	NVD	id:	CVE-2010-2974	date:	2010-08-05T19:17:55.543