VAR-201311-0453
Vulnerability from variot - Updated: 2022-05-17 01:51
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB MicroSCADA Wserver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wserver.exe component, which listens on TCP port 12221. This component passes user-supplied data directly to a CreateProcessA call. By supplying a UNC path to an attacker-controlled binary, a remote attacker can execute arbitrary code under the context of the vulnerable process. In ABB MicroSCADA's wserver.exe, the input that the user submits to the parameter of the "CreateProcessA()" function is not properly filtered, allowing a remote attacker to send a specially crafted request to TCP port 12221 and trigger a stack-based buffer overflow, which can crash the application or execute arbitrary code in the SYSTEM context. ABB MicroSCADA is a set of substation monitoring software developed by ABB in Switzerland for power transmission and distribution systems. The software includes a human-machine interface (MMI) and flexible application engineering tools, and provides functions such as monitoring, event alarms, and trend graph statistics. There is a code execution vulnerability in ABB MicroSCADA that stems from the program not properly filtering input submitted by users. (The aggregated source descriptions differ on the mechanism: one describes unfiltered input reaching CreateProcessA, the other a stack-based buffer overflow; the record's "type" field is "code injection".)
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "microscada",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "9.x"
},
{
"_id": null,
"model": "microscada",
"scope": null,
"trust": 0.7,
"vendor": "abb",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "5bb49026-1efb-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-13-270"
},
{
"db": "CNVD",
"id": "CNVD-2013-14746"
}
]
},
"credits": {
"_id": null,
"data": "Brian Gorenc",
"sources": [
{
"db": "BID",
"id": "63901"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-433"
}
],
"trust": 0.9
},
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "ZDI-13-270",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-14746",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "5bb49026-1efb-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "ZDI",
"id": "ZDI-13-270",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-14746",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "5bb49026-1efb-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5bb49026-1efb-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-13-270"
},
{
"db": "CNVD",
"id": "CNVD-2013-14746"
}
]
},
"description": {
"_id": null,
"data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB MicroSCADA Wserver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wserver.exe component, which listens on TCP port 12221. This component passes user-supplied data directly to a CreateProcessA call. By supplying a UNC path to an attacker-controlled binary, a remote attacker can execute arbitrary code under the context of the vulnerable process. In ABB MicroSCADA's wserver.exe, the input that the user submits to the parameter of the \"CreateProcessA()\" function is not properly filtered, allowing a remote attacker to send a specially crafted request to TCP port 12221 and trigger a stack-based buffer overflow, which can crash the application or execute arbitrary code in the SYSTEM context. ABB MicroSCADA is a set of substation monitoring software developed by ABB in Switzerland for power transmission and distribution systems. The software includes a human-machine interface (MMI) and flexible application engineering tools, and provides functions such as monitoring, event alarms, and trend graph statistics.\nThere is a code execution vulnerability in ABB MicroSCADA that stems from the program not properly filtering input submitted by users.",
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-270"
},
{
"db": "CNVD",
"id": "CNVD-2013-14746"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-433"
},
{
"db": "BID",
"id": "63901"
},
{
"db": "IVD",
"id": "5bb49026-1efb-11e6-abef-000c29c66e3d"
}
],
"trust": 2.16
},
"external_ids": {
"_id": null,
"data": [
{
"db": "BID",
"id": "63901",
"trust": 1.5
},
{
"db": "ZDI",
"id": "ZDI-13-270",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2013-14746",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1785",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201311-433",
"trust": 0.6
},
{
"db": "IVD",
"id": "5BB49026-1EFB-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "5bb49026-1efb-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-13-270"
},
{
"db": "CNVD",
"id": "CNVD-2013-14746"
},
{
"db": "BID",
"id": "63901"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-433"
}
]
},
"id": "VAR-201311-0453",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "5bb49026-1efb-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-14746"
}
],
"trust": 1.58571427
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "5bb49026-1efb-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-14746"
}
]
},
"last_update_date": "2022-05-17T01:51:11.545000Z",
"patch": {
"_id": null,
"data": [
{
"title": "ABB has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://www05.abb.com/global/scot/scot229.nsf/veritydisplay/41ccfa8ccd0431e6c1257c1200395574/$file/abb_softwarevulnerabilityhandlingadvisory_abb-vu-psac-1mrs235805.pdf"
},
{
"title": "ABB MicroSCADA \u0027wserver.exe\u0027 patch for remote code execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/41343"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-270"
},
{
"db": "CNVD",
"id": "CNVD-2013-14746"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 0.7,
"url": "http://www05.abb.com/global/scot/scot229.nsf/veritydisplay/41ccfa8ccd0431e6c1257c1200395574/$file/abb_softwarevulnerabilityhandlingadvisory_abb-vu-psac-1mrs235805.pdf"
},
{
"trust": 0.6,
"url": "http://www.abb.com/global/scot/scot229.nsf/veritydisplay/41ccfa8ccd0431e6c1257c1200395574/"
},
{
"trust": 0.6,
"url": "http://www.zerodayinitiative.com/advisories/zdi-13-270/"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/63901"
},
{
"trust": 0.3,
"url": "http://www.abb.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-270"
},
{
"db": "CNVD",
"id": "CNVD-2013-14746"
},
{
"db": "BID",
"id": "63901"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-433"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "5bb49026-1efb-11e6-abef-000c29c66e3d",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-13-270",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2013-14746",
"ident": null
},
{
"db": "BID",
"id": "63901",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201311-433",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2013-11-27T00:00:00",
"db": "IVD",
"id": "5bb49026-1efb-11e6-abef-000c29c66e3d",
"ident": null
},
{
"date": "2013-11-24T00:00:00",
"db": "ZDI",
"id": "ZDI-13-270",
"ident": null
},
{
"date": "2013-11-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14746",
"ident": null
},
{
"date": "2013-11-24T00:00:00",
"db": "BID",
"id": "63901",
"ident": null
},
{
"date": "2013-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-433",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2013-11-24T00:00:00",
"db": "ZDI",
"id": "ZDI-13-270",
"ident": null
},
{
"date": "2013-11-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14746",
"ident": null
},
{
"date": "2013-11-24T00:00:00",
"db": "BID",
"id": "63901",
"ident": null
},
{
"date": "2013-12-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-433",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-433"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "ABB MicroSCADA \u0027wserver.exe\u0027 Remote code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "5bb49026-1efb-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-14746"
},
{
"db": "BID",
"id": "63901"
}
],
"trust": 1.1
},
"type": {
"_id": null,
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-433"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.