Sign-up

ID

VAR-201210-0491


CVE

CVE-2012-0227


TITLE

ComponentOne FlexGrid ActiveX Control Buffer Overflow Vulnerability

Trust: 1.1

sources: IVD: 0f50a568-1f77-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0339 // BID: 51601

DESCRIPTION

Buffer overflow in the VSFlex7.VSFlexGrid ActiveX control in ComponentOne FlexGrid 7.1, as used in Open Automation Software OPC Systems.NET, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long archive file name argument to the Archive method. OPC Systems.NET is a .NET product for SCADA, HMI. ComponentOne FlexGrid ActiveX Control is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. ComponentOne FlexGrid 7.1 is vulnerable; other versions may also be affected

Trust: 2.61

sources: NVD: CVE-2012-0227 // JVNDB: JVNDB-2012-004938 // CNVD: CNVD-2012-0339 // BID: 51601 // IVD: 0f50a568-1f77-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 0f50a568-1f77-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0339

AFFECTED PRODUCTS

vendor:componentonemodel:flexgridscope:eqversion:7.1

Trust: 2.7

vendor:opcsystemsmodel:opcsystems.netscope:eqversion: -

Trust: 1.6

vendor:opcsystemsmodel:opcsystems.netscope:lteversion:4.0

Trust: 1.0

vendor:componentonemodel:flexgrid lightscope:eqversion:7.1

Trust: 0.9

vendor:opcmodel:systems opc systems.netscope:eqversion:0

Trust: 0.9

vendor:open automationmodel:opc systems.netscope: - version: -

Trust: 0.8

vendor:opcsystemsmodel:opcsystems.netscope:eqversion:4.0

Trust: 0.6

vendor:componentonemodel:flexgridscope:eqversion:7.1*

Trust: 0.2

vendor:componentonemodel:flexgrid light opc systems opc systems.netscope:eqversion:7.10

Trust: 0.2

sources: IVD: 0f50a568-1f77-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0339 // BID: 51601 // JVNDB: JVNDB-2012-004938 // CNNVD: CNNVD-201201-378 // NVD: CVE-2012-0227

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-0227
value: HIGH

Trust: 1.0

NVD: CVE-2012-0227
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201201-378
value: CRITICAL

Trust: 0.6

IVD: 0f50a568-1f77-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2012-0227
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 0f50a568-1f77-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 0f50a568-1f77-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2012-004938 // CNNVD: CNNVD-201201-378 // NVD: CVE-2012-0227

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2012-004938 // NVD: CVE-2012-0227

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201201-378

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 0f50a568-1f77-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201201-378

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-004938

PATCH
title:Top Pageurl:http://www.componentone.com/
Trust: 0.8
title:OPC SYSTEMS.NETurl:http://www.opcsystems.com/opc_systems_net.htm
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2012-004938

EXTERNAL IDS
db:NVDid:CVE-2012-0227
Trust: 2.9
db:ICS CERTid:ICSA-12-012-01A
Trust: 2.7
db:BIDid:51601
Trust: 2.5
db:CNVDid:CNVD-2012-0339
Trust: 0.8
db:CNNVDid:CNNVD-201201-378
Trust: 0.8
db:JVNDBid:JVNDB-2012-004938
Trust: 0.8
db:XFid:72604
Trust: 0.6
db:NSFOCUSid:21082
Trust: 0.6
db:IVDid:0F50A568-1F77-11E6-ABEF-000C29C66E3D
Trust: 0.2
sources:
            
            
            IVD: 0f50a568-1f77-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2012-0339 // 
            
            
            
            BID: 51601 // 
            
            
            
            JVNDB: JVNDB-2012-004938 // 
            
            
            
            CNNVD: CNNVD-201201-378 // 
            
            
            
            NVD: CVE-2012-0227

REFERENCES
url:http://www.us-cert.gov/control_systems/pdf/icsa-12-012-01a.pdf
Trust: 2.7
url:http://dsecrg.com/pages/vul/show.php?id=406
Trust: 2.5
url:http://www.securityfocus.com/bid/51601
Trust: 1.6
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/72604
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0227
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0227
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/72604
Trust: 0.6
url:http://www.nsfocus.net/vulndb/21082
Trust: 0.6
url:http://www.componentone.com/
Trust: 0.3
url:http://support.microsoft.com/kb/240797
Trust: 0.3
url:www.opcsystems.net
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2012-0339 // 
            
            
            
            BID: 51601 // 
            
            
            
            JVNDB: JVNDB-2012-004938 // 
            
            
            
            CNNVD: CNNVD-201201-378 // 
            
            
            
            NVD: CVE-2012-0227

CREDITS
Alexandr Polyakov from DSecRG
Trust: 0.9
sources:
            
            
            BID: 51601 // 
            
            
            
            CNNVD: CNNVD-201201-378

SOURCES
db:IVDid:0f50a568-1f77-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-0339
db:BIDid:51601
db:JVNDBid:JVNDB-2012-004938
db:CNNVDid:CNNVD-201201-378
db:NVDid:CVE-2012-0227

LAST UPDATE DATE
2024-08-14T14:28:06.299000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2012-0339date:2012-02-01T00:00:00
db:BIDid:51601date:2012-10-10T18:20:00
db:JVNDBid:JVNDB-2012-004938date:2012-10-16T00:00:00
db:CNNVDid:CNNVD-201201-378date:2012-02-01T00:00:00
db:NVDid:CVE-2012-0227date:2017-08-29T01:30:52.977

SOURCES RELEASE DATE
db:IVDid:0f50a568-1f77-11e6-abef-000c29c66e3ddate:2012-02-01T00:00:00
db:CNVDid:CNVD-2012-0339date:2012-02-01T00:00:00
db:BIDid:51601date:2012-01-20T00:00:00
db:JVNDBid:JVNDB-2012-004938date:2012-10-16T00:00:00
db:CNNVDid:CNNVD-201201-378date:1900-01-01T00:00:00
db:NVDid:CVE-2012-0227date:2012-10-12T20:55:02.083