9.3
CVE-2011-4039
- EPSS 4.28%
- Veröffentlicht 10.02.2012 19:55:01
- Zuletzt bearbeitet 16.06.2026 23:34:19
- Quelle cret@cert.org
- CVE-Watchlists
- Unerledigt
Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access violation."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dreamreport ≫ Dream Report Version <= 3.43
Dreamreport ≫ Dream Report Version3.21
Dreamreport ≫ Dream Report Version3.41
Dreamreport ≫ Dream Report Version3.42
Invensys ≫ Wonderware Hmi Reports Version <= 3.42.835.0304
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.28% | 0.898 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
http://secunia.com/advisories/47742
http://secunia.com/advisories/47933
http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf
http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf