Vulnerability Details : CVE-2012-0228
Invensys Wonderware Information Server 4.0 SP1 and 4.5 does not properly implement client controls, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
Exploit prediction scoring system (EPSS) score for CVE-2012-0228
Probability of exploitation activity in the next 30 days: 1.23%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 84 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-0228
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2012-0228
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0228
-
http://www.securitytracker.com/id?1026887
Wonderware Information Server Bugs Permit Cross-Site Scripting, SQL Injection, and Denial of Service Attacks - SecurityTracker
-
http://www.securityfocus.com/bid/52851
Invensys Wonderware Information Server Multiple Security Vulnerabilities
-
http://www.us-cert.gov/control_systems/pdf/ICSA-12-062-01.pdf
404 - File Not Found | CISAUS Government Resource
-
http://osvdb.org/80890
-
http://www.securitytracker.com/id?1026886
Wonderware Historian Client Bugs Permit Cross-Site Scripting, SQL Injection, and Denial of Service Attacks - SecurityTracker
Products affected by CVE-2012-0228
- cpe:2.3:a:invensys:wonderware_information_server:4.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:invensys:wonderware_information_server:4.5:*:*:*:*:*:*:*