CVE-2012-0228

EUVD-2012-0264
Invensys Wonderware Information Server 4.0 SP1 and 4.5 does not properly implement client controls, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
Affected Products (NVD)
VendorProductVersion
invensyswonderware_information_server
4.0:sp1
invensyswonderware_information_server
4.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/80890
http://secunia.com/advisories/48603
http://www.securityfocus.com/bid/52851
http://www.securitytracker.com/id?1026886
http://www.securitytracker.com/id?1026887
http://www.us-cert.gov/control_systems/pdf/ICSA-12-062-01.pdf
http://osvdb.org/80890
http://secunia.com/advisories/48603
http://www.securityfocus.com/bid/52851
http://www.securitytracker.com/id?1026886
http://www.securitytracker.com/id?1026887
http://www.us-cert.gov/control_systems/pdf/ICSA-12-062-01.pdf