CVE-2012-3005

Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/SCADA, InBatch, and Wonderware Historian, allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
VendorProductVersion
invensysfoxboro_control_software
3.1
invensysfoxboro_control_software
4.0
invensysinfusion_ce\/fe\/scada
𝑥
≤ 2.5
invensysintouch
𝑥
≤ 2012
invensysintouch\/wonderware_application_server
𝑥
≤ 2012
invensysintouch\/wonderware_application_server
10.0
invensysintouch\/wonderware_application_server
10.5
invensyswonderware_historian
𝑥
≤ 10.0
invensyswonderware_historian
10.0
invensyswonderware_inbatch
𝑥
≤ 9.5
invensyswonderware_information_server
𝑥
≤ 4.5
invensyswonderware_information_server
3.1
invensyswonderware_information_server
4.0
invensyswonderware_information_server
4.0:sp1
𝑥
= Vulnerable software versions
References
http://www.us-cert.gov/control_systems/pdf/ICSA-12-177-02.pdf
http://www.us-cert.gov/control_systems/pdf/ICSA-12-177-02.pdf