CVE-2012-3005

Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/SCADA, InBatch, and Wonderware Historian, allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

Published: Jul 26, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-3005
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
invensys / wonderware_historian	-	10.0.x
invensys / infusion_ce/fe/scada	-	2.5.x
invensys / foxboro_control_software	4.0	4.0.x
invensys / wonderware_historian	10.0	10.0.x
invensys / wonderware_information_server	4.0-sp1	4.0-sp1.x
invensys / foxboro_control_software	3.1	3.1.x
invensys / intouch	-	2012.x
invensys / wonderware_information_server	3.1	3.1.x
invensys / wonderware_information_server	4.0	4.0.x
invensys / wonderware_inbatch	-	9.5.x
invensys / intouch/wonderware_application_server	10.5	10.5.x
invensys / wonderware_information_server	-	4.5.x
invensys / intouch/wonderware_application_server	10.0	10.0.x
invensys / intouch/wonderware_application_server	-	2012.x

http://www.us-cert.gov/control_systems/pdf/ICSA-12-177-02.pdf

Vulnerability Database

CVE-2012-3005