ID

VAR-201210-0491


CVE

CVE-2012-0227


TITLE

ComponentOne FlexGrid ActiveX Control Buffer Overflow Vulnerability

Trust: 1.1

sources: IVD: 0f50a568-1f77-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0339 // BID: 51601

DESCRIPTION

Buffer overflow in the VSFlex7.VSFlexGrid ActiveX control in ComponentOne FlexGrid 7.1, as used in Open Automation Software OPC Systems.NET, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long archive file name argument to the Archive method. OPC Systems.NET is a .NET product for SCADA and HMI. ComponentOne FlexGrid ActiveX Control is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. ComponentOne FlexGrid 7.1 is vulnerable; other versions may also be affected.

Trust: 2.61

sources: NVD: CVE-2012-0227 // JVNDB: JVNDB-2012-004938 // CNVD: CNVD-2012-0339 // BID: 51601 // IVD: 0f50a568-1f77-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 0f50a568-1f77-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0339

AFFECTED PRODUCTS

vendor: componentone, model: flexgrid, scope: eq, version: 7.1

Trust: 2.7

vendor: opcsystems, model: opcsystems.net, scope: eq, version: -

Trust: 1.6

vendor: opcsystems, model: opcsystems.net, scope: lte, version: 4.0

Trust: 1.0

vendor: componentone, model: flexgrid light, scope: eq, version: 7.1

Trust: 0.9

vendor: opc, model: systems opc systems.net, scope: eq, version: 0

Trust: 0.9

vendor: open automation, model: opc systems.net, scope: -, version: -

Trust: 0.8

vendor: opcsystems, model: opcsystems.net, scope: eq, version: 4.0

Trust: 0.6

vendor: componentone, model: flexgrid, scope: eq, version: 7.1*

Trust: 0.2

vendor: componentone, model: flexgrid light opc systems opc systems.net, scope: eq, version: 7.10

Trust: 0.2

sources: IVD: 0f50a568-1f77-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0339 // BID: 51601 // JVNDB: JVNDB-2012-004938 // CNNVD: CNNVD-201201-378 // NVD: CVE-2012-0227

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-0227
value: HIGH

Trust: 1.0

NVD: CVE-2012-0227
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201201-378
value: CRITICAL

Trust: 0.6

IVD: 0f50a568-1f77-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2012-0227
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 0f50a568-1f77-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 0f50a568-1f77-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2012-004938 // CNNVD: CNNVD-201201-378 // NVD: CVE-2012-0227

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2012-004938 // NVD: CVE-2012-0227

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201201-378

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 0f50a568-1f77-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201201-378

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004938

PATCH

title: Top Page, url: http://www.componentone.com/

Trust: 0.8

title: OPC SYSTEMS.NET, url: http://www.opcsystems.com/opc_systems_net.htm

Trust: 0.8

sources: JVNDB: JVNDB-2012-004938

EXTERNAL IDS

db: NVD, id: CVE-2012-0227

Trust: 2.9

db: ICS CERT, id: ICSA-12-012-01A

Trust: 2.7

db: BID, id: 51601

Trust: 2.5

db: CNVD, id: CNVD-2012-0339

Trust: 0.8

db: CNNVD, id: CNNVD-201201-378

Trust: 0.8

db: JVNDB, id: JVNDB-2012-004938

Trust: 0.8

db: XF, id: 72604

Trust: 0.6

db: NSFOCUS, id: 21082

Trust: 0.6

db: IVD, id: 0F50A568-1F77-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 0f50a568-1f77-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0339 // BID: 51601 // JVNDB: JVNDB-2012-004938 // CNNVD: CNNVD-201201-378 // NVD: CVE-2012-0227

REFERENCES

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-012-01a.pdf

Trust: 2.7

url:http://dsecrg.com/pages/vul/show.php?id=406

Trust: 2.5

url:http://www.securityfocus.com/bid/51601

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/72604

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0227

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0227

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/72604

Trust: 0.6

url:http://www.nsfocus.net/vulndb/21082

Trust: 0.6

url:http://www.componentone.com/

Trust: 0.3

url:http://support.microsoft.com/kb/240797

Trust: 0.3

url:www.opcsystems.net

Trust: 0.3

sources: CNVD: CNVD-2012-0339 // BID: 51601 // JVNDB: JVNDB-2012-004938 // CNNVD: CNNVD-201201-378 // NVD: CVE-2012-0227

CREDITS

Alexandr Polyakov from DSecRG

Trust: 0.9

sources: BID: 51601 // CNNVD: CNNVD-201201-378

SOURCES

db: IVD, id: 0f50a568-1f77-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2012-0339
db: BID, id: 51601
db: JVNDB, id: JVNDB-2012-004938
db: CNNVD, id: CNNVD-201201-378
db: NVD, id: CVE-2012-0227

LAST UPDATE DATE

2024-08-14T14:28:06.299000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2012-0339, date: 2012-02-01T00:00:00
db: BID, id: 51601, date: 2012-10-10T18:20:00
db: JVNDB, id: JVNDB-2012-004938, date: 2012-10-16T00:00:00
db: CNNVD, id: CNNVD-201201-378, date: 2012-02-01T00:00:00
db: NVD, id: CVE-2012-0227, date: 2017-08-29T01:30:52.977

SOURCES RELEASE DATE

db: IVD, id: 0f50a568-1f77-11e6-abef-000c29c66e3d, date: 2012-02-01T00:00:00
db: CNVD, id: CNVD-2012-0339, date: 2012-02-01T00:00:00
db: BID, id: 51601, date: 2012-01-20T00:00:00
db: JVNDB, id: JVNDB-2012-004938, date: 2012-10-16T00:00:00
db: CNNVD, id: CNNVD-201201-378, date: 1900-01-01T00:00:00
db: NVD, id: CVE-2012-0227, date: 2012-10-12T20:55:02.083