Vulnerability Description
Stack-based buffer overflow in slssvc.exe before 58.x in Invensys Wonderware SuiteLink in the Invensys System Platform software suite, as used in InTouch/Wonderware Application Server IT before 10.5 and WAS before 3.5, DASABCIP before 4.1 SP2, DASSiDirect before 3.0, DAServer Runtime Components before 3.0 SP2, and other products, allows remote attackers to cause a denial of service (daemon crash or hang) via a long Unicode string.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Invensys | Dasabcip | <= 4.1 |
| Invensys | Daserver Runtime Components | <= 3.0 |
| Invensys | Dassidirect | <= 2.0 |
| Invensys | Intouch\/Wonderware Application Server | <= 10.0 |
| Invensys | Wonderware Application Server | <= 3.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/49173
- http://www.securityfocus.com/bid/53563
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-171-01.pdfUS Government Resource
- http://secunia.com/advisories/49173
- http://www.securityfocus.com/bid/53563
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-171-01.pdfUS Government Resource
FAQ
What is CVE-2012-3007?
CVE-2012-3007 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Stack-based buffer overflow in slssvc.exe before 58.x in Invensys Wonderware SuiteLink in the Invensys System Platform software suite, as used in InTouch/Wonderware Application Server IT before 10.5 a...
How severe is CVE-2012-3007?
CVE-2012-3007 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-3007?
Check the references section above for vendor advisories and patch information. Affected products include: Invensys Dasabcip, Invensys Daserver Runtime Components, Invensys Dassidirect, Invensys Intouch\/Wonderware Application Server, Invensys Wonderware Application Server.