CVE ID | |
CVSS SCORE | 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P |
AFFECTED VENDORS |
ABB |
AFFECTED PRODUCTS |
MicroSCADA |
TREND MICRO CUSTOMER PROTECTION | Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['13138']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com |
VULNERABILITY DETAILS |
The specific flaw exists within the wserver.exe component which listens on TCP port 12221. This component user-supplied data directly to a CreateProcessA call. By supplying a UNC path to a controlled binary a remote attacker can execute arbitrary code under the context of the vulnerable process. |
ADDITIONAL DETAILS |
ABB has issued an update to correct this vulnerability. More details can be found at:
http://www05.abb.com/global/scot/scot229.nsf/veritydisplay/41ccfa8ccd0431e6c1257c1200395574/$file/ABB_SoftwareVulnerabilityHandlingAdvisory_ABB-VU-PSAC-1MRS235805.pdf |
DISCLOSURE TIMELINE |
|
CREDIT | Brian Gorenc HP Zero Day Initiative |