Vulnerability Details CVE-2012-0228
Invensys Wonderware Information Server 4.0 SP1 and 4.5 does not properly implement client controls, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.1%
CVSS Severity
CVSS v2 Score 7.5
References
- http://osvdb.org/80890
- http://secunia.com/advisories/48603
- http://www.securityfocus.com/bid/52851
- http://www.securitytracker.com/id?1026886
- http://www.securitytracker.com/id?1026887
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-062-01.pdf
- http://osvdb.org/80890
- http://secunia.com/advisories/48603
- http://www.securityfocus.com/bid/52851
- http://www.securitytracker.com/id?1026886
- http://www.securitytracker.com/id?1026887
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-062-01.pdf
Products affected by CVE-2012-0228
-
cpe:2.3:a:invensys:wonderware_information_server:4.0
-
cpe:2.3:a:invensys:wonderware_information_server:4.5