ID

VAR-201202-0154


CVE

CVE-2011-4039


TITLE

Dream Report Remote code execution vulnerability

Trust: 0.8

sources: IVD: 244e04de-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0379

DESCRIPTION

Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access violation.". Dream Report is an integrated reporting solution for industrial automation. This may let the attacker steal cookie-based authentication credentials and launch other attacks. Hitachi JP1/IT Desktop Management Manager 09-50 is vulnerable. Dream Report is prone to a cross-site scripting vulnerability and a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied data. Attackers can exploit these issues to execute arbitrary code in the context of the webserver, compromise the affected application, and steal cookie-based authentication credentials from legitimate users of the site. Other attacks are also possible. These issues affect Dream Report Versions prior to 4.0. ---------------------------------------------------------------------- Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. SOLUTION: Reportedly a patch has been released. Contact the vendor for further information. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ocean Data Systems Dream Report Two Vulnerabilities SECUNIA ADVISORY ID: SA47742 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47742/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47742 RELEASE DATE: 2012-01-25 DISCUSS ADVISORY: http://secunia.com/advisories/47742/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47742/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47742 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Ocean Data Systems Dream Report, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system. 1) Certain unspecified is not properly sanitised before being returned to the user. 2) An unspecified error when loading certain files can be exploited to corrupt memory via a specially crafted file. Successful exploitation of this vulnerability may allow execution of arbitrary code, but requires tricking a user into loading a malicious file. SOLUTION: Upgrade to version 4.0. PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Billy Rios and Terry McCorkle. ORIGINAL ADVISORY: http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.24

sources: NVD: CVE-2011-4039 // JVNDB: JVNDB-2012-001400 // CNVD: CNVD-2012-0379 // BID: 51747 // BID: 51655 // IVD: 244e04de-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-51984 // PACKETSTORM: 109606 // PACKETSTORM: 109262 // PACKETSTORM: 109139

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 244e04de-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0379

AFFECTED PRODUCTS

vendor:invensysmodel:wonderware hmi reportsscope:lteversion:3.42.835.0304

Trust: 1.8

vendor:dreamreportmodel:dream reportscope:eqversion:3.41

Trust: 1.6

vendor:dreamreportmodel:dream reportscope:eqversion:3.42

Trust: 1.6

vendor:dreamreportmodel:dream reportscope:eqversion:3.21

Trust: 1.6

vendor:dreamreportmodel:dream reportscope:lteversion:3.43

Trust: 1.0

vendor:oceanmodel:data systems dream reportsscope:eqversion:3.0

Trust: 0.9

vendor:dreamreportmodel:dream reportscope:eqversion:3.43

Trust: 0.6

vendor:hitachimodel:jp1/it desktop management managerscope:eqversion:-09-50

Trust: 0.3

vendor:hitachimodel:jp1/it desktop management managerscope:neversion:-09-50-01

Trust: 0.3

vendor:invensysmodel:wonderware hmi reportsscope:eqversion:3.42.835.0304

Trust: 0.3

vendor:oceanmodel:data systems dream reportsscope:neversion:4.0

Trust: 0.3

vendor:dream reportmodel: - scope:eqversion:3.21

Trust: 0.2

vendor:dream reportmodel: - scope:eqversion:3.41

Trust: 0.2

vendor:dream reportmodel: - scope:eqversion:3.42

Trust: 0.2

vendor:dream reportmodel: - scope:eqversion:*

Trust: 0.2

vendor:wonderware hmi reportsmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 244e04de-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0379 // BID: 51747 // BID: 51655 // JVNDB: JVNDB-2012-001400 // CNNVD: CNNVD-201202-037 // NVD: CVE-2011-4039

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4039
value: HIGH

Trust: 1.0

NVD: CVE-2011-4039
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201202-037
value: CRITICAL

Trust: 0.6

IVD: 244e04de-2354-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-51984
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-4039
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2011-4039
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IVD: 244e04de-2354-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-51984
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 244e04de-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-51984 // JVNDB: JVNDB-2012-001400 // CNNVD: CNNVD-201202-037 // NVD: CVE-2011-4039

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-51984 // JVNDB: JVNDB-2012-001400 // NVD: CVE-2011-4039

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201201-421 // CNNVD: CNNVD-201202-037

TYPE

xss

Trust: 0.9

sources: PACKETSTORM: 109606 // PACKETSTORM: 109262 // PACKETSTORM: 109139 // CNNVD: CNNVD-201201-421

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001400

PATCH

title:Top Pageurl:http://global.wonderware.com

Trust: 0.8

title:Wonderware 日本のパートナーurl:http://global.wonderware.com/JP/Pages/JpPartnersSI.aspx

Trust: 0.8

title:Wonderware Top Pageurl:http://global.wonderware.com/JP/pages/default.aspx

Trust: 0.8

title:Patch for Dream Report Remote Code Execution Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/8682

Trust: 0.6

sources: CNVD: CNVD-2012-0379 // JVNDB: JVNDB-2012-001400

EXTERNAL IDS

db:NVDid:CVE-2011-4039

Trust: 3.6

db:ICS CERTid:ICSA-12-024-01

Trust: 3.5

db:ICS CERTid:ICSA-12-039-01

Trust: 2.9

db:SECUNIAid:47742

Trust: 1.9

db:SECUNIAid:47933

Trust: 1.9

db:CNNVDid:CNNVD-201202-037

Trust: 0.9

db:BIDid:51747

Trust: 0.9

db:BIDid:51655

Trust: 0.9

db:CNVDid:CNVD-2012-0379

Trust: 0.8

db:JVNDBid:JVNDB-2012-001400

Trust: 0.8

db:SECUNIAid:47774

Trust: 0.8

db:CNNVDid:CNNVD-201201-421

Trust: 0.6

db:HITACHIid:HS12-004

Trust: 0.4

db:IVDid:244E04DE-2354-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:VULHUBid:VHN-51984

Trust: 0.1

db:PACKETSTORMid:109606

Trust: 0.1

db:PACKETSTORMid:109262

Trust: 0.1

db:PACKETSTORMid:109139

Trust: 0.1

sources: IVD: 244e04de-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0379 // VULHUB: VHN-51984 // BID: 51747 // BID: 51655 // JVNDB: JVNDB-2012-001400 // PACKETSTORM: 109606 // PACKETSTORM: 109262 // PACKETSTORM: 109139 // CNNVD: CNNVD-201201-421 // CNNVD: CNNVD-201202-037 // NVD: CVE-2011-4039

REFERENCES

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-024-01.pdf

Trust: 3.5

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-039-01.pdf

Trust: 2.9

url:http://secunia.com/advisories/47742

Trust: 1.7

url:http://secunia.com/advisories/47933

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4039

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4039

Trust: 0.8

url:http://www.securityfocus.com/bid/51747

Trust: 0.6

url:http://secunia.com/advisories/47774

Trust: 0.6

url:http://www.securityfocus.com/bid/51655

Trust: 0.6

url:http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs12-004/index.html

Trust: 0.4

url:http://www.hds.com/products/storage-software/hitachi-device-manager.html

Trust: 0.3

url:http://www.dreamreport.net/php/download/download.php?lang=en

Trust: 0.3

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.3

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.3

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.3

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.3

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.3

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.3

url:http://secunia.com/company/jobs/

Trust: 0.2

url:http://www.rsaconference.com/events/2012/usa/index.htm

Trust: 0.1

url:http://secunia.com/advisories/47933/

Trust: 0.1

url:http://secunia.com/advisories/47933/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=47933

Trust: 0.1

url:http://secunia.com/advisories/47774/

Trust: 0.1

url:http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs12-004/index.html

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=47774

Trust: 0.1

url:http://secunia.com/advisories/47774/#comments

Trust: 0.1

url:http://secunia.com/advisories/47742/

Trust: 0.1

url:http://secunia.com/advisories/47742/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=47742

Trust: 0.1

sources: CNVD: CNVD-2012-0379 // VULHUB: VHN-51984 // BID: 51747 // BID: 51655 // JVNDB: JVNDB-2012-001400 // PACKETSTORM: 109606 // PACKETSTORM: 109262 // PACKETSTORM: 109139 // CNNVD: CNNVD-201201-421 // CNNVD: CNNVD-201202-037 // NVD: CVE-2011-4039

CREDITS

Billy Rios and Terry McCorkle

Trust: 0.9

sources: BID: 51655 // CNNVD: CNNVD-201202-037

SOURCES

db:IVDid:244e04de-2354-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-0379
db:VULHUBid:VHN-51984
db:BIDid:51747
db:BIDid:51655
db:JVNDBid:JVNDB-2012-001400
db:PACKETSTORMid:109606
db:PACKETSTORMid:109262
db:PACKETSTORMid:109139
db:CNNVDid:CNNVD-201201-421
db:CNNVDid:CNNVD-201202-037
db:NVDid:CVE-2011-4039

LAST UPDATE DATE

2024-08-14T15:14:12.711000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2012-0379date:2012-02-03T00:00:00
db:VULHUBid:VHN-51984date:2012-02-14T00:00:00
db:BIDid:51747date:2012-01-31T00:00:00
db:BIDid:51655date:2012-02-08T19:00:00
db:JVNDBid:JVNDB-2012-001400date:2012-02-14T00:00:00
db:CNNVDid:CNNVD-201201-421date:2012-02-02T00:00:00
db:CNNVDid:CNNVD-201202-037date:2012-02-06T00:00:00
db:NVDid:CVE-2011-4039date:2012-02-14T05:00:00

SOURCES RELEASE DATE

db:IVDid:244e04de-2354-11e6-abef-000c29c66e3ddate:2012-02-03T00:00:00
db:CNVDid:CNVD-2012-0379date:2012-02-03T00:00:00
db:VULHUBid:VHN-51984date:2012-02-10T00:00:00
db:BIDid:51747date:2012-01-31T00:00:00
db:BIDid:51655date:2012-01-24T00:00:00
db:JVNDBid:JVNDB-2012-001400date:2012-02-14T00:00:00
db:PACKETSTORMid:109606date:2012-02-09T11:41:27
db:PACKETSTORMid:109262date:2012-01-31T06:49:30
db:PACKETSTORMid:109139date:2012-01-27T07:44:17
db:CNNVDid:CNNVD-201201-421date:1900-01-01T00:00:00
db:CNNVDid:CNNVD-201202-037date:1900-01-01T00:00:00
db:NVDid:CVE-2011-4039date:2012-02-10T19:55:01.797