Vulnerability Description
Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access violation."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dreamreport | Dream Report | <= 3.43 |
| Invensys | Wonderware Hmi Reports | <= 3.42.835.0304 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/47742Vendor Advisory
- http://secunia.com/advisories/47933Vendor Advisory
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdfUS Government Resource
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdfUS Government Resource
- http://secunia.com/advisories/47742Vendor Advisory
- http://secunia.com/advisories/47933Vendor Advisory
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdfUS Government Resource
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdfUS Government Resource
FAQ
What is CVE-2011-4039?
CVE-2011-4039 is a vulnerability with a CVSS score of 9.3 (HIGH). Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via...
How severe is CVE-2011-4039?
CVE-2011-4039 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4039?
Check the references section above for vendor advisories and patch information. Affected products include: Dreamreport Dream Report, Invensys Wonderware Hmi Reports.