Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2012-3005
Deferred
More InfoOfficial Page
Source-ics-cert@hq.dhs.gov
View Known Exploited Vulnerability (KEV) details
Published At-26 Jul, 2012 | 10:41
Updated At-11 Apr, 2025 | 00:51

Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/SCADA, InBatch, and Wonderware Historian, allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.9MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
invensys
invensys
>>foxboro_control_software>>3.1
cpe:2.3:a:invensys:foxboro_control_software:3.1:*:*:*:*:*:*:*
invensys
invensys
>>foxboro_control_software>>4.0
cpe:2.3:a:invensys:foxboro_control_software:4.0:*:*:*:*:*:*:*
invensys
invensys
>>infusion_ce\/fe\/scada>>Versions up to 2.5(inclusive)
cpe:2.3:a:invensys:infusion_ce\/fe\/scada:*:*:*:*:*:*:*:*
invensys
invensys
>>intouch>>Versions up to 2012(inclusive)
cpe:2.3:a:invensys:intouch:*:*:*:*:*:*:*:*
invensys
invensys
>>intouch\/wonderware_application_server>>Versions up to 2012(inclusive)
cpe:2.3:a:invensys:intouch\/wonderware_application_server:*:*:*:*:*:*:*:*
invensys
invensys
>>intouch\/wonderware_application_server>>10.0
cpe:2.3:a:invensys:intouch\/wonderware_application_server:10.0:*:*:*:*:*:*:*
invensys
invensys
>>intouch\/wonderware_application_server>>10.5
cpe:2.3:a:invensys:intouch\/wonderware_application_server:10.5:*:*:*:*:*:*:*
invensys
invensys
>>wonderware_historian>>Versions up to 10.0(inclusive)
cpe:2.3:a:invensys:wonderware_historian:*:sp1:*:*:*:*:*:*
invensys
invensys
>>wonderware_historian>>10.0
cpe:2.3:a:invensys:wonderware_historian:10.0:*:*:*:*:*:*:*
invensys
invensys
>>wonderware_inbatch>>Versions up to 9.5(inclusive)
cpe:2.3:a:invensys:wonderware_inbatch:*:sp1:*:*:*:*:*:*
invensys
invensys
>>wonderware_information_server>>Versions up to 4.5(inclusive)
cpe:2.3:a:invensys:wonderware_information_server:*:*:*:*:*:*:*:*
invensys
invensys
>>wonderware_information_server>>3.1
cpe:2.3:a:invensys:wonderware_information_server:3.1:*:*:*:*:*:*:*
invensys
invensys
>>wonderware_information_server>>4.0
cpe:2.3:a:invensys:wonderware_information_server:4.0:*:*:*:*:*:*:*
invensys
invensys
>>wonderware_information_server>>4.0
cpe:2.3:a:invensys:wonderware_information_server:4.0:sp1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
Evaluator Description
Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.us-cert.gov/control_systems/pdf/ICSA-12-177-02.pdfics-cert@hq.dhs.gov
US Government Resource
http://www.us-cert.gov/control_systems/pdf/ICSA-12-177-02.pdfaf854a3a-2127-422b-91ae-364da2661108
US Government Resource
Change History
0Changes found
Details not found