CVE-2007-6033
8.8
CVSS Score
High
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Link copied!
Description
Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs.
CVSS Vector Details
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Software Configurations
- a wonderware intouch 8.0 * * * * * * *
Weaknesses (CWE)
- CWE-732
References & External Links
- http://osvdb.org/42398
- http://pacwest.wonderware.com/web/News/NewsDetails.aspx?NewsThreadID=2&NewsID=201804
- http://secunia.com/advisories/27751
- http://www.digitalbond.com/index.php/2007/11/19/wonderware-intouch-80-netdde-vulnerability-s4-preview/
- http://www.kb.cert.org/vuls/id/138633
- http://www.securityfocus.com/bid/26496
- http://osvdb.org/42398
- http://pacwest.wonderware.com/web/News/NewsDetails.aspx?NewsThreadID=2&NewsID=201804
- http://secunia.com/advisories/27751
- http://www.digitalbond.com/index.php/2007/11/19/wonderware-intouch-80-netdde-vulnerability-s4-preview/
- http://www.kb.cert.org/vuls/id/138633
- http://www.securityfocus.com/bid/26496
External Resources
CVE History Timeline
Nov 20, 2007 19:37
Initial Analysis
Jan 25, 2024 21:37
Reanalysis
May 14, 2024 01:49
CVE Modified
Nov 21, 2024 00:39
CVE Modified