CVE-2012-1801

Multiple stack-based buffer overflows in (1) COM and (2) ActiveX controls in ABB WebWare Server, WebWare SDK, Interlink Module, S4 OPC Server, QuickTeach, RobotStudio S4, and RobotStudio Lite allow remote attackers to execute arbitrary code via crafted input data.

CVSS v2.0 7.7 HIGH

7.7^/10

CVSS v2.0 : HIGH

Vector : AV:A/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 5.1 / Impact : 10.0

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/35df9dc4a94ae83ac12579ca0043acc1/$file/SI10231A2%20rev%200.pdf	Vendor Advisory
http://www.us-cert.gov/control_systems/pdf/ICSA-12-095-01A.pdf	US Government Resource
http://secunia.com/advisories/48693
http://www.securityfocus.com/bid/52888

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:abb:s4_opc_server:-:::::::*
	cpe:2.3:a:abb:quickteach:-:::::::*
	cpe:2.3:a:abb:webware_server:-:::::::*
	cpe:2.3:a:abb:robotstudio_s4:-:::::::*
	cpe:2.3:a:abb:robotstudio_lite:-:::::::*
	cpe:2.3:a:abb:webware_sdk:-:::::::*
	cpe:2.3:a:abb:interlink_module:-:::::::*

Information

Published : 2012-04-18 03:33

Updated : 2017-12-19 18:29

NVD link : CVE-2012-1801

Mitre link : CVE-2012-1801

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

Products Affected

abb

interlink_module
webware_sdk
s4_opc_server
quickteach
webware_server
robotstudio_s4
robotstudio_lite

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/35df9dc4a94ae83ac12579ca0043acc1/$file/SI10231A2%20rev%200.pdf", "name": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/35df9dc4a94ae83ac12579ca0043acc1/$file/SI10231A2%20rev%200.pdf", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-095-01A.pdf", "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-095-01A.pdf", "tags": ["US Government Resource"], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/48693", "name": "48693", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/52888", "name": "52888", "tags": [], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple stack-based buffer overflows in (1) COM and (2) ActiveX controls in ABB WebWare Server, WebWare SDK, Interlink Module, S4 OPC Server, QuickTeach, RobotStudio S4, and RobotStudio Lite allow remote attackers to execute arbitrary code via crafted input data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-1801", "ASSIGNER": "cert@cert.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.7, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 5.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2012-04-18T10:33Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:abb:s4_opc_server:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:abb:quickteach:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:abb:webware_server:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:abb:robotstudio_s4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:abb:robotstudio_lite:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:abb:webware_sdk:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:abb:interlink_module:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-12-20T02:29Z"}