CVE-2012-3007

EUVD-2012-2985
Stack-based buffer overflow in slssvc.exe before 58.x in Invensys Wonderware SuiteLink in the Invensys System Platform software suite, as used in InTouch/Wonderware Application Server IT before 10.5 and WAS before 3.5, DASABCIP before 4.1 SP2, DASSiDirect before 3.0, DAServer Runtime Components before 3.0 SP2, and other products, allows remote attackers to cause a denial of service (daemon crash or hang) via a long Unicode string.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
invensysdasabcip
𝑥
≤ 4.1
invensysdasabcip
4.1
invensysdaserver_runtime_components
𝑥
≤ 3.0
invensysdaserver_runtime_components
3.0
invensysdassidirect
𝑥
≤ 2.0
invensysintouch\/wonderware_application_server
𝑥
≤ 10.0
invensyswonderware_application_server
𝑥
≤ 3.1
invensyswonderware_application_server
3.0
invensyswonderware_application_server
3.0.200:sp2
invensyswonderware_application_server
3.1
invensyswonderware_application_server
3.1:sp1
invensyswonderware_application_server
3.1.201:sp2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/49173
http://www.securityfocus.com/bid/53563
http://www.us-cert.gov/control_systems/pdf/ICSA-12-171-01.pdf
http://secunia.com/advisories/49173
http://www.securityfocus.com/bid/53563
http://www.us-cert.gov/control_systems/pdf/ICSA-12-171-01.pdf