CVE-2012-1801 - OpenCVE

Multiple stack-based buffer overflows in (1) COM and (2) ActiveX controls in ABB WebWare Server, WebWare SDK, Interlink Module, S4 OPC Server, QuickTeach, RobotStudio S4, and RobotStudio Lite allow remote attackers to execute arbitrary code via crafted input data.

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Abb	Interlink Module S4 Opc Server Robotstudio Lite Webware Sdk Quickteach Robotstudio S4 Webware Server

Configuration 1 [-]

OR	cpe:2.3:a:abb:interlink_module:-:::::::*
	cpe:2.3:a:abb:quickteach:-:::::::*
	cpe:2.3:a:abb:robotstudio_lite:-:::::::*
	cpe:2.3:a:abb:robotstudio_s4:-:::::::*
	cpe:2.3:a:abb:s4_opc_server:-:::::::*
	cpe:2.3:a:abb:webware_sdk:-:::::::*
	cpe:2.3:a:abb:webware_server:-:::::::*

References

Link	Resource
http://secunia.com/advisories/48693
http://www.securityfocus.com/bid/52888
http://www.us-cert.gov/control_systems/pdf/ICSA-12-095-01A.pdf	US Government Resource
http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/35df9dc4a94ae83ac12579ca0043acc1/%24file/SI10231A2%20rev%200.pdf

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2012-04-18T10:00:00

Updated: 2017-12-19T19:57:01

Reserved: 2012-03-21T00:00:00

Link: CVE-2012-1801

JSON object: View

NVD Information

Status : Modified

Published: 2012-04-18T10:33:35.417

Modified: 2023-11-07T02:10:20.220

Link: CVE-2012-1801

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-04-10T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in (1) COM and (2) ActiveX controls in ABB WebWare Server, WebWare SDK, Interlink Module, S4 OPC Server, QuickTeach, RobotStudio S4, and RobotStudio Lite allow remote attackers to execute arbitrary code via crafted input data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-19T19:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-095-01A.pdf"}, {"name": "48693", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48693"}, {"name": "52888", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/52888"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/35df9dc4a94ae83ac12579ca0043acc1/%24file/SI10231A2%20rev%200.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2012-1801", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple stack-based buffer overflows in (1) COM and (2) ActiveX controls in ABB WebWare Server, WebWare SDK, Interlink Module, S4 OPC Server, QuickTeach, RobotStudio S4, and RobotStudio Lite allow remote attackers to execute arbitrary code via crafted input data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-095-01A.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-095-01A.pdf"}, {"name": "48693", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48693"}, {"name": "52888", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52888"}, {"name": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/35df9dc4a94ae83ac12579ca0043acc1/$file/SI10231A2%20rev%200.pdf", "refsource": "CONFIRM", "url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/35df9dc4a94ae83ac12579ca0043acc1/$file/SI10231A2%20rev%200.pdf"}]}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2012-1801", "datePublished": "2012-04-18T10:00:00", "dateReserved": "2012-03-21T00:00:00", "dateUpdated": "2017-12-19T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:abb:interlink_module:-:*:*:*:*:*:*:*", "matchCriteriaId": "E3613C59-4589-43B6-8B92-CD1D99CA5E08", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:quickteach:-:*:*:*:*:*:*:*", "matchCriteriaId": "060957B9-B811-45D0-B6C6-AA3ABD8415E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:robotstudio_lite:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDB58170-F332-442A-8470-523DAEE3C544", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:robotstudio_s4:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA154046-8D05-4D9E-A1BF-65E36D9E92C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:s4_opc_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "4F891948-4044-4D71-97E0-AB6E76830020", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:webware_sdk:-:*:*:*:*:*:*:*", "matchCriteriaId": "6C6E8AF2-2353-48A7-805A-A11D3D689F44", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:webware_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "B02E9A10-D707-44BF-B37E-A457BDF3BB88", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in (1) COM and (2) ActiveX controls in ABB WebWare Server, WebWare SDK, Interlink Module, S4 OPC Server, QuickTeach, RobotStudio S4, and RobotStudio Lite allow remote attackers to execute arbitrary code via crafted input data."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basados ??en la pila en controles (1) COM y (2) ActiveX en ABB WebWare Server SDK WebWare, M\u00f3dulo de Interlink, S4 Servidor OPC, QuickTeach, S4 RobotStudio y RobotStudio Lite permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de la entrada modificada."}], "id": "CVE-2012-1801", "lastModified": "2023-11-07T02:10:20.220", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.7, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-04-18T10:33:35.417", "references": [{"source": "cret@cert.org", "url": "http://secunia.com/advisories/48693"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/52888"}, {"source": "cret@cert.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-095-01A.pdf"}, {"source": "cret@cert.org", "url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/35df9dc4a94ae83ac12579ca0043acc1/%24file/SI10231A2%20rev%200.pdf"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}