CVE-2012-3005
First published: Thu Jul 26 2012(Updated: )
Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/SCADA, InBatch, and Wonderware Historian, allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Invensys Foxboro Control Software | =3.1 | |
| Invensys Foxboro Control Software | =4.0 | |
| Invensys Infusion Ce\/fe\/scada | <=2.5 | |
| AVEVA InTouch 2014 | <=2012 | |
| Invensys Intouch\/wonderware Application Server | <=2012 | |
| Invensys Intouch\/wonderware Application Server | =10.0 | |
| Invensys Intouch\/wonderware Application Server | =10.5 | |
| Invensys Wonderware Historian | <=10.0 | |
| Invensys Wonderware Historian | =10.0 | |
| Invensys Wonderware InBatch | <=9.5 | |
| Invensys Wonderware Information Server | <=4.5 | |
| Invensys Wonderware Information Server | =3.1 | |
| Invensys Wonderware Information Server | =4.0 | |
| Invensys Wonderware Information Server | =4.0-sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2012-3005?
CVE-2012-3005 has a moderate severity rating as it allows local users to gain elevated privileges.
How do I fix CVE-2012-3005?
To fix CVE-2012-3005, implement updates and patches provided by Invensys for the affected software.
What software is impacted by CVE-2012-3005?
CVE-2012-3005 affects various Invensys products including InTouch, Wonderware Application Server, and Wonderware Historian.
Can CVE-2012-3005 be exploited remotely?
CVE-2012-3005 requires local user access to exploit, making remote exploitation less likely.
What types of permissions can an attacker gain through CVE-2012-3005?
An attacker exploiting CVE-2012-3005 can gain elevated privileges, potentially allowing them to execute unauthorized actions.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/references
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/invensys
- canonical/invensys foxboro control software
- version/invensys foxboro control software/3.1
- version/invensys foxboro control software/4.0
- canonical/invensys infusion ce\/fe\/scada
- version/invensys infusion ce\/fe\/scada/2.5
- canonical/aveva intouch 2014
- version/aveva intouch 2014/2012
- canonical/invensys intouch\/wonderware application server
- version/invensys intouch\/wonderware application server/2012
- version/invensys intouch\/wonderware application server/10.0
- version/invensys intouch\/wonderware application server/10.5
- canonical/invensys wonderware historian
- version/invensys wonderware historian/10.0
- canonical/invensys wonderware inbatch
- version/invensys wonderware inbatch/9.5
- canonical/invensys wonderware information server
- version/invensys wonderware information server/4.5
- version/invensys wonderware information server/3.1
- version/invensys wonderware information server/4.0
- version/invensys wonderware information server/4.0-sp1