CVE-2010-2974
CVSS V2 High 9.3
CVSS V3 None
Description
Stack-based buffer overflow in the IConfigurationAccess interface in the Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control in Wonderware Application Server (WAS) before 3.1 SP2 P01, as used in the Wonderware Archestra Integrated Development Environment (IDE) and the InFusion Integrated Engineering Environment (IEE), allows remote attackers to execute arbitrary code via the first argument to the UnsubscribeData method.
Overview
- CVE ID
- CVE-2010-2974
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2010-08-05T19:17:55
- Last Modified Date
- 2010-08-09T04:00:00
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:a:invensys:wonderware_archestra_configuration_access_component_activex_control:*:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:invensys:infusion_integrated_engineering_environment:*:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:a:invensys:wonderware_application_server:*:sp2:*:*:*:*:*:* | 1 | OR | 3.1 | |
| cpe:2.3:a:invensys:wonderware_application_server:2.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:invensys:wonderware_application_server:2.1:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:invensys:wonderware_application_server:3.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:invensys:wonderware_application_server:3.1:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:invensys:wonderware_application_server:3.1:sp1:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:invensys:wonderware_archestra_integrated_development_environment:*:*:*:*:*:*:*:* | 0 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:M/Au:N/C:C/I:C/A:C
- Access Vector
- NETWORK
- Access Compatibility
- MEDIUM
- Authentication
- NONE
- Confidentiality Impact
- COMPLETE
- Integrity Impact
- COMPLETE
- Availability Impact
- COMPLETE
- Base Score
- 9.3
- Severity
- HIGH
- Exploitability Score
- 8.6
- Impact Score
- 10
References
| Reference URL | Reference Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/703189 | US Government Resource |
| http://www.kb.cert.org/vuls/id/MORO-87MHPT | |
| https://wdnresource.wonderware.com/support/kbcd/html/1/t002492.htm | |
| http://www.pacwest.wonderware.com/web/News/NewsDetails.aspx?NewsID=203108 | Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2010-2974 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2974 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 11:09:43 | Added to TrackCVE |