Vulnerability Description
Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/SCADA, InBatch, and Wonderware Historian, allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Invensys | Foxboro Control Software | 3.1 |
| Invensys | Infusion Ce\/Fe\/Scada | <= 2.5 |
| Invensys | Intouch | <= 2012 |
| Invensys | Intouch\/Wonderware Application Server | <= 2012 |
| Invensys | Wonderware Historian | <= 10.0 |
| Invensys | Wonderware Inbatch | <= 9.5 |
| Invensys | Wonderware Information Server | <= 4.5 |
References
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-177-02.pdfUS Government Resource
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-177-02.pdfUS Government Resource
FAQ
What is CVE-2012-3005?
CVE-2012-3005 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/S...
How severe is CVE-2012-3005?
CVE-2012-3005 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-3005?
Check the references section above for vendor advisories and patch information. Affected products include: Invensys Foxboro Control Software, Invensys Infusion Ce\/Fe\/Scada, Invensys Intouch, Invensys Intouch\/Wonderware Application Server, Invensys Wonderware Historian.