var-201310-0035
Vulnerability from variot
Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Invensys Wonderware InTouch HMI contains vulnerabilities that allow reading arbitrary files, sending HTTP requests to an Internet server, or disrupting service (CPU and memory consumption). Invensys Wonderware InTouch is an HMI created by Invensys Wonderware for applications that design, build, deploy, and maintain production and infrastructure operations. Invensys Wonderware InTouch is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. The attacker may also exploit this issue to cause denial-of-service conditions. Invensys Wonderware InTouch 2012 R2 and prior versions are vulnerable. Invensys Wonderware InTouch is an open, scalable HMI and SCADA monitoring solution from Invensys, UK. The solution creates standardized, reusable visualization applications. Note that the structured fields of this record label the issue "Buffer overflow" (CWE-119) with threat type "local", which is inconsistent with the remotely exploitable XXE behaviour described here; confirm the classification against the referenced advisories before relying on it for triage.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201310-0035", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "wonderware intouch", "scope": "lte", "trust": 1.0, "vendor": "invensys", "version": "2012" }, { "model": "wonderware intouch hmi", "scope": "lte", "trust": 0.8, "vendor": "invensys", "version": "2012 r2" }, { "model": "wonderware intouch", "scope": "eq", 
"trust": 0.6, "vendor": "invensys", "version": "10.x" }, { "model": "wonderware intouch", "scope": "eq", "trust": 0.6, "vendor": "invensys", "version": "2012" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "wonderware intouch", "version": "*" } ], "sources": [ { "db": "IVD", "id": "4c1c0272-1f08-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "95ea02a2-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-13371" }, { "db": "JVNDB", "id": "JVNDB-2013-004624" }, { "db": "CNNVD", "id": "CNNVD-201309-506" }, { "db": "NVD", "id": "CVE-2012-4709" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:invensys:wonderware_intouch", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-004624" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Gleb Gritsai, Nikita Mikhalevsky, Timur Yunusov, Denis Baranov, Ilya Karpov, Vyacheslav Egoshin, Dmitry Serebryannikov, Alexey Osipov, Ivan Poliyanchuk, and Evgeny Ermakov of the Positive Technologies Research Team", "sources": [ { "db": "BID", "id": "62660" }, { "db": "CNNVD", "id": "CNNVD-201309-506" } ], "trust": 0.9 }, "cve": "CVE-2012-4709", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.4, "id": "CVE-2012-4709", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2013-13371", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "4c1c0272-1f08-11e6-abef-000c29c66e3d", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "95ea02a2-2352-11e6-abef-000c29c66e3d", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": 
"VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.4, "id": "VHN-57990", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-4709", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2012-4709", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2013-13371", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201309-506", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "4c1c0272-1f08-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "95ea02a2-2352-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-57990", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "4c1c0272-1f08-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "95ea02a2-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-13371" }, { "db": "VULHUB", "id": "VHN-57990" }, { "db": "JVNDB", "id": "JVNDB-2013-004624" }, { "db": "CNNVD", "id": "CNNVD-201309-506" }, { "db": "NVD", "id": "CVE-2012-4709" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 
Invensys Wonderware InTouch HMI To read any file, to an Internet server HTTP Request sent or service disruption (CPU And memory consumption ) Vulnerabilities exist. Invensys Wonderware InTouch is an HMI created by Invensys Wonderware for applications that design, build, deploy, and maintain production and infrastructure operations. Invensys Wonderware InTouch is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. The attacker may also exploit this issue to cause denial-of-service conditions. \nInvensys Wonderware InTouch 2012 R2 and prior versions are vulnerable. Invensys Wonderware InTouch is an open, scalable HMI and SCADA monitoring solution from Invensys, UK. The solution creates standardized, reusable visualization applications", "sources": [ { "db": "NVD", "id": "CVE-2012-4709" }, { "db": "JVNDB", "id": "JVNDB-2013-004624" }, { "db": "CNVD", "id": "CNVD-2013-13371" }, { "db": "BID", "id": "62660" }, { "db": "IVD", "id": "4c1c0272-1f08-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "95ea02a2-2352-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-57990" } ], "trust": 2.88 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-4709", "trust": 3.8 }, { "db": "ICS CERT", "id": "ICSA-13-276-01", "trust": 2.5 }, { "db": "BID", "id": "62660", "trust": 1.6 }, { "db": "CNNVD", "id": "CNNVD-201309-506", "trust": 1.1 }, { "db": "CNVD", "id": "CNVD-2013-13371", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2013-004624", "trust": 0.8 }, { "db": "SECUNIA", "id": "54923", "trust": 0.6 }, { "db": "IVD", "id": "4C1C0272-1F08-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "95EA02A2-2352-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { 
"db": "VULHUB", "id": "VHN-57990", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "4c1c0272-1f08-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "95ea02a2-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-13371" }, { "db": "VULHUB", "id": "VHN-57990" }, { "db": "BID", "id": "62660" }, { "db": "JVNDB", "id": "JVNDB-2013-004624" }, { "db": "CNNVD", "id": "CNNVD-201309-506" }, { "db": "NVD", "id": "CVE-2012-4709" } ] }, "id": "VAR-201310-0035", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "4c1c0272-1f08-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "95ea02a2-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-13371" }, { "db": "VULHUB", "id": "VHN-57990" } ], "trust": 1.8 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "4c1c0272-1f08-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "95ea02a2-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-13371" } ] }, "last_update_date": "2024-08-14T14:58:14.766000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Wonderware InTouch HMI", "trust": 0.8, "url": "http://global.wonderware.com/EN/Pages/WonderwareInTouchHMI.aspx" }, { "title": "Invensys Wonderware InTouch XML External Entity Information Disclosure Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/39897" } ], "sources": [ { "db": "CNVD", 
"id": "CNVD-2013-13371" }, { "db": "JVNDB", "id": "JVNDB-2013-004624" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-57990" }, { "db": "JVNDB", "id": "JVNDB-2013-004624" }, { "db": "NVD", "id": "CVE-2012-4709" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://ics-cert.us-cert.gov/advisories/icsa-13-276-01" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4709" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4709" }, { "trust": 0.6, "url": "http://www.secunia.com/advisories/54923/" }, { "trust": 0.6, "url": "http://iom.invensys.com/en/pdflibrary/security_bulletin_lfsec00000081.pdf" }, { "trust": 0.6, "url": "http://www.securityfocus.com/bid/62660" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-13371" }, { "db": "VULHUB", "id": "VHN-57990" }, { "db": "JVNDB", "id": "JVNDB-2013-004624" }, { "db": "CNNVD", "id": "CNNVD-201309-506" }, { "db": "NVD", "id": "CVE-2012-4709" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "4c1c0272-1f08-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "95ea02a2-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-13371" }, { "db": "VULHUB", "id": "VHN-57990" }, { "db": "BID", "id": "62660" }, { "db": "JVNDB", "id": "JVNDB-2013-004624" }, { "db": "CNNVD", "id": "CNNVD-201309-506" }, { "db": "NVD", "id": "CVE-2012-4709" } ] }, "sources_release_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-09-29T00:00:00", "db": "IVD", "id": "4c1c0272-1f08-11e6-abef-000c29c66e3d" }, { "date": "2013-09-29T00:00:00", "db": "IVD", "id": "95ea02a2-2352-11e6-abef-000c29c66e3d" }, { "date": "2013-09-29T00:00:00", "db": "CNVD", "id": "CNVD-2013-13371" }, { "date": "2013-10-13T00:00:00", "db": "VULHUB", "id": "VHN-57990" }, { "date": "2013-09-20T00:00:00", "db": "BID", "id": "62660" }, { "date": "2013-10-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-004624" }, { "date": "2013-09-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201309-506" }, { "date": "2013-10-13T10:20:02.927000", "db": "NVD", "id": "CVE-2012-4709" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-03-11T00:00:00", "db": "CNVD", "id": "CNVD-2013-13371" }, { "date": "2013-10-15T00:00:00", "db": "VULHUB", "id": "VHN-57990" }, { "date": "2013-10-10T08:23:00", "db": "BID", "id": "62660" }, { "date": "2013-10-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-004624" }, { "date": "2013-10-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201309-506" }, { "date": "2013-10-15T16:41:31.587000", "db": "NVD", "id": "CVE-2012-4709" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201309-506" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Invensys Wonderware InTouch XML External entity sensitive information disclosure vulnerability", "sources": [ { "db": "IVD", "id": "4c1c0272-1f08-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": 
"95ea02a2-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-13371" } ], "trust": 1.0 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "4c1c0272-1f08-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "95ea02a2-2352-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201309-506" } ], "trust": 1.0 } }