Vulnerability Description
Stack-based buffer overflow in the IConfigurationAccess interface in the Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control in Wonderware Application Server (WAS) before 3.1 SP2 P01, as used in the Wonderware Archestra Integrated Development Environment (IDE) and the InFusion Integrated Engineering Environment (IEE), allows remote attackers to execute arbitrary code via the first argument to the UnsubscribeData method.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Invensys | Wonderware Archestra Configuration Access Component Activex Control | All versions |
| Invensys | Infusion Integrated Engineering Environment | All versions |
| Invensys | Wonderware Application Server | <= 3.1 |
| Invensys | Wonderware Archestra Integrated Development Environment | All versions |
Related Weaknesses (CWE)
References
- http://www.kb.cert.org/vuls/id/703189US Government Resource
- http://www.kb.cert.org/vuls/id/MORO-87MHPT
- http://www.pacwest.wonderware.com/web/News/NewsDetails.aspx?NewsID=203108Vendor Advisory
- https://wdnresource.wonderware.com/support/kbcd/html/1/t002492.htm
- http://www.kb.cert.org/vuls/id/703189US Government Resource
- http://www.kb.cert.org/vuls/id/MORO-87MHPT
- http://www.pacwest.wonderware.com/web/News/NewsDetails.aspx?NewsID=203108Vendor Advisory
- https://wdnresource.wonderware.com/support/kbcd/html/1/t002492.htm
FAQ
What is CVE-2010-2974?
CVE-2010-2974 is a vulnerability with a CVSS score of 9.3 (HIGH). Stack-based buffer overflow in the IConfigurationAccess interface in the Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control in Wonderware Application Server (WAS) before 3.1 SP...
How severe is CVE-2010-2974?
CVE-2010-2974 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2974?
Check the references section above for vendor advisories and patch information. Affected products include: Invensys Wonderware Archestra Configuration Access Component Activex Control, Invensys Infusion Integrated Engineering Environment, Invensys Wonderware Application Server, Invensys Wonderware Archestra Integrated Development Environment.