Details of VAR-201201-0266

ID

VAR-201201-0266

CVE

CVE-2011-4870

TITLE

Invensys Wonderware InBatch of ActiveX Control buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2012-001032

DESCRIPTION

Multiple buffer overflows in the (1) GUIControls, (2) BatchObjSrv, and (3) BatchSecCtrl ActiveX controls in Invensys Wonderware InBatch 9.0 and 9.0 SP1, and InBatch 8.1 SP1, 9.0 SP2, and 9.5 Server and Runtime Clients, allow remote attackers to execute arbitrary code via a long string in a property value, a different issue than CVE-2011-3141. Invensys Wonderware InBatch Server and runtime client (1) GUIControls , (2) BatchObjSrv ,and (3) BatchSecCtrl ActiveX The control contains a buffer overflow vulnerability. This vulnerability CVE-2011-3141 Is a different vulnerability.A third party may execute arbitrary code through an excessively long string of property values. Multiple stack-based buffer overflow vulnerabilities exist in Invensys Wonderware inBatch. An attacker could exploit this vulnerability to execute arbitrary code in the context of an application that uses ActiveX controls (usually Internet Explorer), which could result in a denial of service. Failed exploit attempts will result in a denial-of-service condition. Failure to do so may result in a denial of service

Trust: 2.88

sources: NVD: CVE-2011-4870 // JVNDB: JVNDB-2012-001032 // CNVD: CNVD-2011-5603 // BID: 51129 // IVD: 7d7340de-463f-11e9-9481-000c29342cb1 // IVD: 3d641ee0-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52815

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 7d7340de-463f-11e9-9481-000c29342cb1 // IVD: 3d641ee0-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5603

AFFECTED PRODUCTS

vendor:	invensys	model:	wonderware inbatch	scope:	eq	version:	9.5	Trust: 3.3
vendor:	invensys	model:	wonderware inbatch	scope:	eq	version:	9.0	Trust: 2.7
vendor:	invensys	model:	wonderware inbatch	scope:	eq	version:	8.1	Trust: 1.9
vendor:	wonderware inbatch	model:	-	scope:	eq	version:	9.0	Trust: 1.2
vendor:	invensys	model:	wonderware inbatch	scope:	eq	version:	8.1 sp1	Trust: 0.8
vendor:	invensys	model:	wonderware inbatch	scope:	eq	version:	9.0 sp1	Trust: 0.8
vendor:	invensys	model:	wonderware inbatch	scope:	eq	version:	9.0 sp2	Trust: 0.8
vendor:	wonderware inbatch	model:	-	scope:	eq	version:	8.1	Trust: 0.4
vendor:	wonderware inbatch	model:	-	scope:	eq	version:	9.5	Trust: 0.4
vendor:	invensys	model:	wonderware inbatch sp2	scope:	eq	version:	9.0	Trust: 0.3
vendor:	invensys	model:	wonderware inbatch sp1	scope:	eq	version:	9.0	Trust: 0.3
vendor:	invensys	model:	wonderware inbatch sp1	scope:	ne	version:	9.5	Trust: 0.3
vendor:	invensys	model:	wonderware inbatch sp1	scope:	ne	version:	8.1	Trust: 0.3

sources: IVD: 7d7340de-463f-11e9-9481-000c29342cb1 // IVD: 3d641ee0-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5603 // BID: 51129 // JVNDB: JVNDB-2012-001032 // CNNVD: CNNVD-201112-380 // NVD: CVE-2011-4870

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-4870
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-4870
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2011-5603
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201112-380
value:	MEDIUM
Trust: 0.6
IVD:	7d7340de-463f-11e9-9481-000c29342cb1
value:	MEDIUM
Trust: 0.2
IVD:	3d641ee0-2354-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-52815
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2011-4870
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2011-5603
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7d7340de-463f-11e9-9481-000c29342cb1
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	3d641ee0-2354-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-52815
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 7d7340de-463f-11e9-9481-000c29342cb1 // IVD: 3d641ee0-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5603 // VULHUB: VHN-52815 // JVNDB: JVNDB-2012-001032 // CNNVD: CNNVD-201112-380 // NVD: CVE-2011-4870

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-52815 // JVNDB: JVNDB-2012-001032 // NVD: CVE-2011-4870

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201112-380

TYPE

Buffer overflow

Trust: 1.0

sources: IVD: 7d7340de-463f-11e9-9481-000c29342cb1 // IVD: 3d641ee0-2354-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201112-380

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001032

PATCH

title:	Top Page	url:	http://global.wonderware.com	Trust: 0.8
title:	Wonderware 日本のパートナー	url:	http://global.wonderware.com/JP/Pages/JpPartnersSI.aspx	Trust: 0.8
title:	Wonderware Top Page	url:	http://global.wonderware.com/JP/pages/default.aspx	Trust: 0.8
title:	Invensys Wonderware inBatch \342\200\230ActiveX\342\200\231 Control Buffer Overflow Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/35885	Trust: 0.6

sources: CNVD: CNVD-2011-5603 // JVNDB: JVNDB-2012-001032

EXTERNAL IDS

db:	NVD	id:	CVE-2011-4870	Trust: 3.8
db:	BID	id:	51129	Trust: 2.6
db:	ICS CERT	id:	ICSA-11-332-01A	Trust: 2.5
db:	CNNVD	id:	CNNVD-201112-380	Trust: 1.1
db:	CNVD	id:	CNVD-2011-5603	Trust: 1.0
db:	JVNDB	id:	JVNDB-2012-001032	Trust: 0.8
db:	ICS CERT	id:	ICSA-11-332-01	Trust: 0.3
db:	IVD	id:	7D7340DE-463F-11E9-9481-000C29342CB1	Trust: 0.2
db:	IVD	id:	3D641EE0-2354-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-52815	Trust: 0.1

sources: IVD: 7d7340de-463f-11e9-9481-000c29342cb1 // IVD: 3d641ee0-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5603 // VULHUB: VHN-52815 // BID: 51129 // JVNDB: JVNDB-2012-001032 // CNNVD: CNNVD-201112-380 // NVD: CVE-2011-4870

REFERENCES

url:	http://www.us-cert.gov/control_systems/pdf/icsa-11-332-01a.pdf	Trust: 2.5
url:	http://www.securityfocus.com/bid/51129	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4870	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4870	Trust: 0.8
url:	http://www.us-cert.gov/control_systems/pdf/icsa-11-332-01.pdf	Trust: 0.3
url:	http://support.microsoft.com/kb/240797	Trust: 0.3
url:	http://global.wonderware.com/en/pages/default.aspx	Trust: 0.3

sources: CNVD: CNVD-2011-5603 // VULHUB: VHN-52815 // BID: 51129 // JVNDB: JVNDB-2012-001032 // CNNVD: CNNVD-201112-380 // NVD: CVE-2011-4870

CREDITS

Kuang-Chun Hung of the Security Research and Service Institute-Information and Communication Security Technology Center

Trust: 0.9

sources: BID: 51129 // CNNVD: CNNVD-201112-380

SOURCES

db:	IVD	id:	7d7340de-463f-11e9-9481-000c29342cb1
db:	IVD	id:	3d641ee0-2354-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2011-5603
db:	VULHUB	id:	VHN-52815
db:	BID	id:	51129
db:	JVNDB	id:	JVNDB-2012-001032
db:	CNNVD	id:	CNNVD-201112-380
db:	NVD	id:	CVE-2011-4870

LAST UPDATE DATE

2024-08-14T14:14:38.169000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-5603	date:	2011-12-22T00:00:00
db:	VULHUB	id:	VHN-52815	date:	2012-01-09T00:00:00
db:	BID	id:	51129	date:	2012-01-04T16:50:00
db:	JVNDB	id:	JVNDB-2012-001032	date:	2012-01-11T00:00:00
db:	CNNVD	id:	CNNVD-201112-380	date:	2011-12-22T00:00:00
db:	NVD	id:	CVE-2011-4870	date:	2012-01-09T05:00:00

SOURCES RELEASE DATE

db:	IVD	id:	7d7340de-463f-11e9-9481-000c29342cb1	date:	2011-12-22T00:00:00
db:	IVD	id:	3d641ee0-2354-11e6-abef-000c29c66e3d	date:	2011-12-22T00:00:00
db:	CNVD	id:	CNVD-2011-5603	date:	2011-12-22T00:00:00
db:	VULHUB	id:	VHN-52815	date:	2012-01-08T00:00:00
db:	BID	id:	51129	date:	2011-12-20T00:00:00
db:	JVNDB	id:	JVNDB-2012-001032	date:	2012-01-11T00:00:00
db:	CNNVD	id:	CNNVD-201112-380	date:	1900-01-01T00:00:00
db:	NVD	id:	CVE-2011-4870	date:	2012-01-08T00:55:02.130