ID

VAR-201202-0159


CVE

CVE-2011-4038


TITLE

Dream Report Cross-Site Scripting Vulnerability

Trust: 0.8

sources: IVD: 23e8b278-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0377

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Dream Report is an integrated reporting solution for industrial automation. The Ocean Data Dream Report application lacks sufficient filtering of query string parameter values, can lead to cross-site scripting attacks, build specially crafted URLs, entice users to parse, get sensitive information, or hijack user sessions. This may let the attacker steal cookie-based authentication credentials and launch other attacks. Hitachi JP1/IT Desktop Management Manager 09-50 is vulnerable. Attackers can exploit these issues to execute arbitrary code in the context of the webserver, compromise the affected application, and steal cookie-based authentication credentials from legitimate users of the site. Other attacks are also possible. These issues affect Dream Report Versions prior to 4.0. ---------------------------------------------------------------------- Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. SOLUTION: Reportedly a patch has been released. Contact the vendor for further information. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ocean Data Systems Dream Report Two Vulnerabilities SECUNIA ADVISORY ID: SA47742 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47742/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47742 RELEASE DATE: 2012-01-25 DISCUSS ADVISORY: http://secunia.com/advisories/47742/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47742/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47742 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Ocean Data Systems Dream Report, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system. 1) Certain unspecified is not properly sanitised before being returned to the user. 2) An unspecified error when loading certain files can be exploited to corrupt memory via a specially crafted file. Successful exploitation of this vulnerability may allow execution of arbitrary code, but requires tricking a user into loading a malicious file. SOLUTION: Upgrade to version 4.0. PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Billy Rios and Terry McCorkle. ORIGINAL ADVISORY: http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.24

sources: NVD: CVE-2011-4038 // JVNDB: JVNDB-2012-001399 // CNVD: CNVD-2012-0377 // BID: 51747 // BID: 51655 // IVD: 23e8b278-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-51983 // PACKETSTORM: 109606 // PACKETSTORM: 109262 // PACKETSTORM: 109139

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 23e8b278-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0377

AFFECTED PRODUCTS

vendor:invensysmodel:wonderware hmi reportsscope:lteversion:3.42.835.0304

Trust: 1.8

vendor:dreamreportmodel:dream reportscope:eqversion:3.41

Trust: 1.6

vendor:dreamreportmodel:dream reportscope:eqversion:3.42

Trust: 1.6

vendor:dreamreportmodel:dream reportscope:eqversion:3.21

Trust: 1.6

vendor:dreamreportmodel:dream reportscope:lteversion:3.43

Trust: 1.0

vendor:oceanmodel:data systems dream reportsscope:eqversion:3.0

Trust: 0.9

vendor:dreamreportmodel:dream reportscope:eqversion:3.43

Trust: 0.6

vendor:hitachimodel:jp1/it desktop management managerscope:eqversion:-09-50

Trust: 0.3

vendor:hitachimodel:jp1/it desktop management managerscope:neversion:-09-50-01

Trust: 0.3

vendor:invensysmodel:wonderware hmi reportsscope:eqversion:3.42.835.0304

Trust: 0.3

vendor:oceanmodel:data systems dream reportsscope:neversion:4.0

Trust: 0.3

vendor:dream reportmodel: - scope:eqversion:3.21

Trust: 0.2

vendor:dream reportmodel: - scope:eqversion:3.41

Trust: 0.2

vendor:dream reportmodel: - scope:eqversion:3.42

Trust: 0.2

vendor:dream reportmodel: - scope:eqversion:*

Trust: 0.2

vendor:wonderware hmi reportsmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 23e8b278-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0377 // BID: 51747 // BID: 51655 // JVNDB: JVNDB-2012-001399 // CNNVD: CNNVD-201202-036 // NVD: CVE-2011-4038

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4038
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-4038
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201202-036
value: MEDIUM

Trust: 0.6

IVD: 23e8b278-2354-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-51983
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-4038
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 23e8b278-2354-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-51983
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 23e8b278-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-51983 // JVNDB: JVNDB-2012-001399 // CNNVD: CNNVD-201202-036 // NVD: CVE-2011-4038

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-51983 // JVNDB: JVNDB-2012-001399 // NVD: CVE-2011-4038

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201202-036 // CNNVD: CNNVD-201201-421

TYPE

xss

Trust: 1.5

sources: PACKETSTORM: 109606 // PACKETSTORM: 109262 // PACKETSTORM: 109139 // CNNVD: CNNVD-201202-036 // CNNVD: CNNVD-201201-421

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001399

PATCH

title:Top Pageurl:http://global.wonderware.com

Trust: 0.8

title:Wonderware 日本のパートナーurl:http://global.wonderware.com/JP/Pages/JpPartnersSI.aspx

Trust: 0.8

title:Wonderware Top Pageurl:http://global.wonderware.com/JP/pages/default.aspx

Trust: 0.8

title:Patch for Dream Report Cross-Site Scripting Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/8684

Trust: 0.6

sources: CNVD: CNVD-2012-0377 // JVNDB: JVNDB-2012-001399

EXTERNAL IDS

db:NVDid:CVE-2011-4038

Trust: 3.6

db:ICS CERTid:ICSA-12-024-01

Trust: 3.5

db:ICS CERTid:ICSA-12-039-01

Trust: 2.9

db:SECUNIAid:47742

Trust: 1.9

db:SECUNIAid:47933

Trust: 1.9

db:CNNVDid:CNNVD-201202-036

Trust: 0.9

db:BIDid:51747

Trust: 0.9

db:BIDid:51655

Trust: 0.9

db:CNVDid:CNVD-2012-0377

Trust: 0.8

db:JVNDBid:JVNDB-2012-001399

Trust: 0.8

db:SECUNIAid:47774

Trust: 0.8

db:CNNVDid:CNNVD-201201-421

Trust: 0.6

db:HITACHIid:HS12-004

Trust: 0.4

db:IVDid:23E8B278-2354-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:VULHUBid:VHN-51983

Trust: 0.1

db:PACKETSTORMid:109606

Trust: 0.1

db:PACKETSTORMid:109262

Trust: 0.1

db:PACKETSTORMid:109139

Trust: 0.1

sources: IVD: 23e8b278-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0377 // VULHUB: VHN-51983 // BID: 51747 // BID: 51655 // JVNDB: JVNDB-2012-001399 // PACKETSTORM: 109606 // PACKETSTORM: 109262 // PACKETSTORM: 109139 // CNNVD: CNNVD-201202-036 // CNNVD: CNNVD-201201-421 // NVD: CVE-2011-4038

REFERENCES

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-024-01.pdf

Trust: 2.9

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-039-01.pdf

Trust: 2.9

url:http://secunia.com/advisories/47742

Trust: 1.7

url:http://secunia.com/advisories/47933

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4038

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4038

Trust: 0.8

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-024-01.pdfhttp

Trust: 0.6

url:http://secunia.com/advisories/47774

Trust: 0.6

url:http://www.securityfocus.com/bid/51655

Trust: 0.6

url:http://www.securityfocus.com/bid/51747

Trust: 0.6

url:http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs12-004/index.html

Trust: 0.4

url:http://www.hds.com/products/storage-software/hitachi-device-manager.html

Trust: 0.3

url:http://www.dreamreport.net/php/download/download.php?lang=en

Trust: 0.3

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.3

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.3

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.3

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.3

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.3

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.3

url:http://secunia.com/company/jobs/

Trust: 0.2

url:http://www.rsaconference.com/events/2012/usa/index.htm

Trust: 0.1

url:http://secunia.com/advisories/47933/

Trust: 0.1

url:http://secunia.com/advisories/47933/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=47933

Trust: 0.1

url:http://secunia.com/advisories/47774/

Trust: 0.1

url:http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs12-004/index.html

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=47774

Trust: 0.1

url:http://secunia.com/advisories/47774/#comments

Trust: 0.1

url:http://secunia.com/advisories/47742/

Trust: 0.1

url:http://secunia.com/advisories/47742/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=47742

Trust: 0.1

sources: CNVD: CNVD-2012-0377 // VULHUB: VHN-51983 // BID: 51747 // BID: 51655 // JVNDB: JVNDB-2012-001399 // PACKETSTORM: 109606 // PACKETSTORM: 109262 // PACKETSTORM: 109139 // CNNVD: CNNVD-201202-036 // CNNVD: CNNVD-201201-421 // NVD: CVE-2011-4038

CREDITS

Billy Rios and Terry McCorkle

Trust: 0.9

sources: BID: 51655 // CNNVD: CNNVD-201202-036

SOURCES

db:IVDid:23e8b278-2354-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-0377
db:VULHUBid:VHN-51983
db:BIDid:51747
db:BIDid:51655
db:JVNDBid:JVNDB-2012-001399
db:PACKETSTORMid:109606
db:PACKETSTORMid:109262
db:PACKETSTORMid:109139
db:CNNVDid:CNNVD-201202-036
db:CNNVDid:CNNVD-201201-421
db:NVDid:CVE-2011-4038

LAST UPDATE DATE

2024-08-14T15:14:12.643000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2012-0377date:2012-02-03T00:00:00
db:VULHUBid:VHN-51983date:2012-02-14T00:00:00
db:BIDid:51747date:2012-01-31T00:00:00
db:BIDid:51655date:2012-02-08T19:00:00
db:JVNDBid:JVNDB-2012-001399date:2012-02-14T00:00:00
db:CNNVDid:CNNVD-201202-036date:2012-02-06T00:00:00
db:CNNVDid:CNNVD-201201-421date:2012-02-02T00:00:00
db:NVDid:CVE-2011-4038date:2012-02-14T05:00:00

SOURCES RELEASE DATE

db:IVDid:23e8b278-2354-11e6-abef-000c29c66e3ddate:2012-02-03T00:00:00
db:CNVDid:CNVD-2012-0377date:2012-02-03T00:00:00
db:VULHUBid:VHN-51983date:2012-02-10T00:00:00
db:BIDid:51747date:2012-01-31T00:00:00
db:BIDid:51655date:2012-01-24T00:00:00
db:JVNDBid:JVNDB-2012-001399date:2012-02-14T00:00:00
db:PACKETSTORMid:109606date:2012-02-09T11:41:27
db:PACKETSTORMid:109262date:2012-01-31T06:49:30
db:PACKETSTORMid:109139date:2012-01-27T07:44:17
db:CNNVDid:CNNVD-201202-036date:1900-01-01T00:00:00
db:CNNVDid:CNNVD-201201-421date:1900-01-01T00:00:00
db:NVDid:CVE-2011-4038date:2012-02-10T19:55:01.750