var-200711-0210
Vulnerability from variot
Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs. Invensys Wonderware InTouch is prone to a privilege-escalation vulnerability because of poor default permissions on a NetDDE share. Attackers can exploit this issue to execute arbitrary applications that accept NetDDE connections. This can compromise the application and possibly the underlying computer. InTouch 8.0 is vulnerable.
2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
TITLE: Invensys Wonderware InTouch Insecure NetDDE Share Permissions Security Issue
SECUNIA ADVISORY ID: SA27751
VERIFY ADVISORY: http://secunia.com/advisories/27751/
CRITICAL: Less critical
IMPACT: System access
WHERE:
From local network
SOFTWARE: Invensys Wonderware InTouch 8.x http://secunia.com/product/16628/
DESCRIPTION: A security issue has been reported in Invensys Wonderware InTouch, which potentially can be exploited by malicious users to compromise a vulnerable system.
The security issue is reported in version 8.0.
SOLUTION: Apply updates or upgrade to version 9.0 or later (see vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: Discovered by Neutralbit and reported via US-CERT with assistance from Digital Bond.
ORIGINAL ADVISORY: Wonderware: http://pacwest.wonderware.com/web/News/NewsDetails.aspx?NewsThreadID=2&NewsID=201804
US-CERT VU#138633: http://www.kb.cert.org/vuls/id/138633
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "intouch",
"scope": "eq",
"trust": 2.7,
"vendor": "wonderware",
"version": "8.0"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "invensys",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "takebishi",
"version": null
},
{
"_id": null,
"model": "intouch",
"scope": "eq",
"trust": 0.8,
"vendor": "wonderware",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intouch",
"version": "8.0"
}
],
"sources": [
{
"db": "IVD",
"id": "2424b4dc-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#138633"
},
{
"db": "BID",
"id": "26496"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006343"
},
{
"db": "CNNVD",
"id": "CNNVD-200711-272"
},
{
"db": "NVD",
"id": "CVE-2007-6033"
}
]
},
"credits": {
"_id": null,
"data": "Neutralbit, with assistance from Digital Bond, discovered this issue.",
"sources": [
{
"db": "BID",
"id": "26496"
},
{
"db": "CNNVD",
"id": "CNNVD-200711-272"
}
],
"trust": 0.9
},
"cve": "CVE-2007-6033",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2007-6033",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "2424b4dc-2352-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2007-6033",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2007-6033",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-6033",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#138633",
"trust": 0.8,
"value": "0.57"
},
{
"author": "NVD",
"id": "CVE-2007-6033",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200711-272",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "2424b4dc-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2007-6033",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "2424b4dc-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#138633"
},
{
"db": "VULMON",
"id": "CVE-2007-6033"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006343"
},
{
"db": "CNNVD",
"id": "CNNVD-200711-272"
},
{
"db": "NVD",
"id": "CVE-2007-6033"
}
]
},
"description": {
"_id": null,
"data": "Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs. Invensys Wonderware InTouch is prone to a privilege-escalation vulnerability because of poor default permissions on a NetDDE share. \nAttackers can exploit this issue to execute arbitrary applications that accept NetDDE connections. This can compromise the application and possibly the underlying computer. \nInTouch 8.0 is vulnerable. \n\n----------------------------------------------------------------------\n\n2003: 2,700 advisories published\n2004: 3,100 advisories published\n2005: 4,600 advisories published\n2006: 5,300 advisories published\n\nHow do you know which Secunia advisories are important to you?\n\nThe Secunia Vulnerability Intelligence Solutions allows you to filter\nand structure all the information you need, so you can address issues\neffectively. \n\nGet a free trial of the Secunia Vulnerability Intelligence Solutions:\nhttp://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv\n\n----------------------------------------------------------------------\n\nTITLE:\nInvensys Wonderware InTouch Insecure NetDDE Share Permissions\nSecurity Issue\n\nSECUNIA ADVISORY ID:\nSA27751\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/27751/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nInvensys Wonderware InTouch 8.x\nhttp://secunia.com/product/16628/\n\nDESCRIPTION:\nA security issue has been reported in Invensys Wonderware InTouch,\nwhich potentially can be exploited by malicious users to compromise a\nvulnerable system. \n\nThe security issue is reported in version 8.0. \n\nSOLUTION:\nApply updates or upgrade to version 9.0 or later (see vendor\u0027s\nadvisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\nDiscovered by Neutralbit and reported via US-CERT with assistance\nfrom Digital Bond. \n\nORIGINAL ADVISORY:\nWonderware:\nhttp://pacwest.wonderware.com/web/News/NewsDetails.aspx?NewsThreadID=2\u0026NewsID=201804\n\nUS-CERT VU#138633:\nhttp://www.kb.cert.org/vuls/id/138633\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-6033"
},
{
"db": "CERT/CC",
"id": "VU#138633"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006343"
},
{
"db": "BID",
"id": "26496"
},
{
"db": "IVD",
"id": "2424b4dc-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULMON",
"id": "CVE-2007-6033"
},
{
"db": "PACKETSTORM",
"id": "61250"
}
],
"trust": 2.97
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2007-6033",
"trust": 3.8
},
{
"db": "CERT/CC",
"id": "VU#138633",
"trust": 3.7
},
{
"db": "SECUNIA",
"id": "27751",
"trust": 2.7
},
{
"db": "BID",
"id": "26496",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "42398",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200711-272",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006343",
"trust": 0.8
},
{
"db": "IVD",
"id": "2424B4DC-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2007-6033",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "61250",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "2424b4dc-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#138633"
},
{
"db": "VULMON",
"id": "CVE-2007-6033"
},
{
"db": "BID",
"id": "26496"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006343"
},
{
"db": "PACKETSTORM",
"id": "61250"
},
{
"db": "CNNVD",
"id": "CNNVD-200711-272"
},
{
"db": "NVD",
"id": "CVE-2007-6033"
}
]
},
"id": "VAR-200711-0210",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "2424b4dc-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 0.7940171
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "2424b4dc-2352-11e6-abef-000c29c66e3d"
}
]
},
"last_update_date": "2024-11-23T23:03:16.621000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://global.wonderware.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-006343"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-732",
"trust": 1.0
},
{
"problemtype": "Improper permission assignment for critical resources (CWE-732) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-006343"
},
{
"db": "NVD",
"id": "CVE-2007-6033"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.0,
"url": "http://www.kb.cert.org/vuls/id/138633"
},
{
"trust": 2.9,
"url": "http://pacwest.wonderware.com/web/news/newsdetails.aspx?newsthreadid=2\u0026newsid=201804"
},
{
"trust": 2.5,
"url": "http://www.digitalbond.com/index.php/2007/11/19/wonderware-intouch-80-netdde-vulnerability-s4-preview/"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/26496"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/27751"
},
{
"trust": 1.7,
"url": "http://osvdb.org/42398"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/27751/"
},
{
"trust": 0.8,
"url": "http://us.wonderware.com/aboutus/whoweare/contactus.htm"
},
{
"trust": 0.8,
"url": "http://blogs.msdn.com/nickkramer/archive/2006/04/18/577962.aspx"
},
{
"trust": 0.8,
"url": "http://msdn2.microsoft.com/en-us/library/ms648711.aspx"
},
{
"trust": 0.8,
"url": "http://support.microsoft.com/default.aspx?scid=kb;en-us;125703"
},
{
"trust": 0.8,
"url": "http://lists.immunitysec.com/pipermail/dailydave/2004-october/001014.html"
},
{
"trust": 0.8,
"url": "http://www.digitalbond.com/index.php/2008/01/29/vulnerable-netdde-shares-lead-to-complete-system-compromise/"
},
{
"trust": 0.8,
"url": "http://www.digitalbond.com/wiki/index.php/invensys_wonderware_intouch_creates_insecure_netdde_share"
},
{
"trust": 0.8,
"url": "http://technet2.microsoft.com/windowsserver/en/library/2c82586e-bd58-42b7-9976-228a23721e351033.mspx"
},
{
"trust": 0.8,
"url": "http://support.microsoft.com/kb/278259"
},
{
"trust": 0.8,
"url": "http://support.microsoft.com/kb/243330"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6033"
},
{
"trust": 0.3,
"url": "http://us.wonderware.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/16628/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#138633"
},
{
"db": "VULMON",
"id": "CVE-2007-6033"
},
{
"db": "BID",
"id": "26496"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006343"
},
{
"db": "PACKETSTORM",
"id": "61250"
},
{
"db": "CNNVD",
"id": "CNNVD-200711-272"
},
{
"db": "NVD",
"id": "CVE-2007-6033"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "2424b4dc-2352-11e6-abef-000c29c66e3d",
"ident": null
},
{
"db": "CERT/CC",
"id": "VU#138633",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2007-6033",
"ident": null
},
{
"db": "BID",
"id": "26496",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006343",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "61250",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200711-272",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2007-6033",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2007-11-19T00:00:00",
"db": "IVD",
"id": "2424b4dc-2352-11e6-abef-000c29c66e3d",
"ident": null
},
{
"date": "2007-11-19T00:00:00",
"db": "CERT/CC",
"id": "VU#138633",
"ident": null
},
{
"date": "2007-11-20T00:00:00",
"db": "VULMON",
"id": "CVE-2007-6033",
"ident": null
},
{
"date": "2007-11-19T00:00:00",
"db": "BID",
"id": "26496",
"ident": null
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-006343",
"ident": null
},
{
"date": "2007-11-27T03:39:45",
"db": "PACKETSTORM",
"id": "61250",
"ident": null
},
{
"date": "2007-11-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200711-272",
"ident": null
},
{
"date": "2007-11-20T02:46:00",
"db": "NVD",
"id": "CVE-2007-6033",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2008-02-26T00:00:00",
"db": "CERT/CC",
"id": "VU#138633",
"ident": null
},
{
"date": "2008-11-15T00:00:00",
"db": "VULMON",
"id": "CVE-2007-6033",
"ident": null
},
{
"date": "2007-12-18T20:06:00",
"db": "BID",
"id": "26496",
"ident": null
},
{
"date": "2024-02-22T05:18:00",
"db": "JVNDB",
"id": "JVNDB-2007-006343",
"ident": null
},
{
"date": "2007-11-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200711-272",
"ident": null
},
{
"date": "2024-11-21T00:39:13.233000",
"db": "NVD",
"id": "CVE-2007-6033",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200711-272"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Invensys Wonderware InTouch creates insecure NetDDE share",
"sources": [
{
"db": "CERT/CC",
"id": "VU#138633"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200711-272"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…