What is the severity of CVE-2012-3007?

CVE-2012-3007 is classified as a high severity vulnerability due to its potential for remote code execution.

How do I fix CVE-2012-3007?

To fix CVE-2012-3007, you should update to the latest version of Invensys Wonderware SuiteLink or apply any available patches.

Which versions of Invensys software are affected by CVE-2012-3007?

CVE-2012-3007 affects versions of Invensys Wonderware SuiteLink before 58.x, including specific versions of InTouch/Wonderware Application Server and DASABCIP.

What type of vulnerability is CVE-2012-3007?

CVE-2012-3007 is a stack-based buffer overflow vulnerability that can lead to potential system compromise.

What is the impact of exploiting CVE-2012-3007?

Exploiting CVE-2012-3007 could allow an attacker to execute arbitrary code on the affected systems.

Vulnerability/
CVE-2012-3007

medium

CWE

119

5/7/2012

14/8/2012

CVE-2012-3007: Buffer Overflow

First published: Thu Jul 05 2012(Updated: )

Stack-based buffer overflow in slssvc.exe before 58.x in Invensys Wonderware SuiteLink in the Invensys System Platform software suite, as used in InTouch/Wonderware Application Server IT before 10.5 and WAS before 3.5, DASABCIP before 4.1 SP2, DASSiDirect before 3.0, DAServer Runtime Components before 3.0 SP2, and other products, allows remote attackers to cause a denial of service (daemon crash or hang) via a long Unicode string.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Invensys Dasabcip	<=4.1
Invensys Dasabcip	=4.1
Invensys DAServer Runtime Components	<=3.0
Invensys DAServer Runtime Components	=3.0
Invensys Dassidirect	<=2.0
Invensys Wonderware Application Server	<=10.0
Invensys Wonderware Application Server	<=3.1
Invensys Wonderware Application Server	=3.0
Invensys Wonderware Application Server	=3.0.200-sp2
Invensys Wonderware Application Server	=3.1
Invensys Wonderware Application Server	=3.1-sp1
Invensys Wonderware Application Server	=3.1.201-sp2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-3007?
CVE-2012-3007 is classified as a high severity vulnerability due to its potential for remote code execution.
How do I fix CVE-2012-3007?
To fix CVE-2012-3007, you should update to the latest version of Invensys Wonderware SuiteLink or apply any available patches.
Which versions of Invensys software are affected by CVE-2012-3007?
CVE-2012-3007 affects versions of Invensys Wonderware SuiteLink before 58.x, including specific versions of InTouch/Wonderware Application Server and DASABCIP.
What type of vulnerability is CVE-2012-3007?
CVE-2012-3007 is a stack-based buffer overflow vulnerability that can lead to potential system compromise.
What is the impact of exploiting CVE-2012-3007?
Exploiting CVE-2012-3007 could allow an attacker to execute arbitrary code on the affected systems.

agent/references
agent/author
agent/weakness
agent/description
agent/last-modified-date
agent/softwarecombine
agent/type
agent/event
agent/first-publish-date
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/severity
vendor/invensys
canonical/invensys dasabcip
version/invensys dasabcip/4.1
canonical/invensys daserver runtime components
version/invensys daserver runtime components/3.0
canonical/invensys dassidirect
version/invensys dassidirect/2.0
canonical/invensys wonderware application server
version/invensys wonderware application server/10.0
version/invensys wonderware application server/3.1
version/invensys wonderware application server/3.0
version/invensys wonderware application server/3.0.200-sp2
version/invensys wonderware application server/3.1-sp1
version/invensys wonderware application server/3.1.201-sp2