OSVDB: Open Sourced Vulnerability Database

Creditee: Kuang-Chun Hung

Known Contact Information:

None at this time

Known Affiliations:

Security Research and Service Institute - Information and Communication Security Technology Center (ICST) (as of 2011-12-09)
Information and Communication Security Technology Center (as of 2011-12-21)

Disclosed Vulnerabilities (38):

Disc. Date	OSVDB ID	CVEID	Title
2013-04-08	92196	2012-3022	Canary Labs TrendLink ActiveX (TrendDisplay.dll) SaveToFile Method Arbitrary Code Execution
2013-01-25	89575	2013-4696 2012-4696	Beijer Electronics Multiple Product Unspecified Function String Handling Overflow
2013-01-08	89057	2012-4689	General Electric (GE) Proficy HMI/SCADA - CIMPLICITY CimWebServer.exe HTTP Data Parsing Integer Overflow
2012-10-15	86257	2012-3026	General Electric (GE) Intelligent Platforms Proficy Real-Time Information Portal Unspecified Overflow (2012-3026)
2012-10-15	86258	2012-3010	General Electric (GE) Intelligent Platforms Proficy Real-Time Information Portal Unspecified Overflow (2012-3010)
2012-10-15	86259	2012-3021	General Electric (GE) Intelligent Platforms Proficy Real-Time Information Portal Unspecified Overflow (2012-3021)
2012-09-28	85822	2012-3035	DeltaV Malformed String Parsing Remote Overflow DoS
2012-05-17	82014	2012-1818	DeltaV Multiple Product Unspecified ActiveX Arbitrary File Overwrite
2012-05-16	82011	2012-1815	DeltaV Multiple Product Unspecified SQL Injection
2012-05-16	82012	2012-1816	DeltaV Multiple Product PORTSERV.exe Packet Parsing Remote DoS
2012-05-16	82013	2012-1817	DeltaV Multiple Product Project File Handling Remote Overflow
2012-05-16	81996	2012-1814	DeltaV Multiple Product Unspecified XSS
2012-02-17	79407	2012-0223	7-Technologies TERMIS Unspecified Path Subversion Arbitrary DLL Injection Code Execution
2012-02-17	79408	2012-0224	7-Technologies AQUIS Unspecified Path Subversion Arbitrary DLL Injection Code Execution
2012-02-16	79563	2012-0234 2012-1234	Advantech/Broadwin WebAccess Unspecified SQL Injection (2012-0234)
2012-02-16	79570	2012-0235 2012-1235	Advantech/Broadwin WebAccess Unspecified CSRF
2012-02-16	79562	2011-4521	Advantech/Broadwin WebAccess Unspecified SQL Injection (2011-4521)
2012-02-16	79566	2012-0233	Advantech/Broadwin WebAccess Unspecified XSS
2012-02-16	79569	2012-0236	Advantech/Broadwin WebAccess Unspecified Information Disclosure
2012-02-16	79574	2012-0237	Advantech/Broadwin WebAccess Unauthorized Date/Time Syncing Modification
2012-02-16	79575	2012-0238	Advantech/Broadwin WebAccess opcImg.asp Remote Overflow
2012-02-16	79577	2012-0239	Advantech/Broadwin WebAccess uaddUpAdmin.asp Unauthorized Admin Password Manipulation
2012-02-16	79578	2012-0240	Advantech/Broadwin WebAccess GbScriptAddUp.asp Authentication Function Remote Code Execution
2012-02-16	79576	2011-4524	Advantech/Broadwin WebAccess Unspecified Overflow (2011-4524)
2012-02-16	79585	2011-4526	Advantech/Broadwin WebAccess Unspecified ActiveX Overflow
2012-02-16	79586	2011-4525	Advantech/Broadwin WebAccess Arbitrary File Write Remote Code Execution
2012-02-16	79567	2011-4522	Advantech/Broadwin WebAccess bwerrdn.asp Unspecified XSS
2012-02-16	79568	2011-4523	Advantech/Broadwin WebAccess bwview.asp Unspecified XSS
2012-02-16	79587	2012-0243	Advantech/Broadwin WebAccess bwocxrun.ocx Overflow Arbitrary File Creation Code Execution
2012-02-16	79565	2012-0244	Advantech/Broadwin WebAccess Unspecified SQL Injection (2012-0244)
2012-02-07	78920	2011-4533	zenon zenAdminSrv.exe Packet Parsing Remote Code Execution
2012-02-07	78921	2011-4534	zenon ZenSysSrv.exe Client Connection Saturation Remote Code Execution
2012-01-16	78328	2011-4053	7-Technologies Interactive Graphical SCADA System (IGSS) Path Subversion Arbitrary DLL Injection Code Execution
2012-01-11	78223	2011-4057	CodeMeter TCP Packet Parsing Unspecified Remote DoS
2011-12-21	78233	2012-0309	Cogent DataHub Unspecified XSS
2011-12-20	78285	2011-4870	Invensys Wonderware InBatch Multiple ActiveX Control Property Value String Parsing Remote Overflow
2011-12-09	78286	2011-4056	Siemens Tecnomatix FactoryLink ActBar.ocx Save Method Remote Arbitrary File Write
2011-12-09	78287	2011-4055	Siemens Tecnomatix FactoryLink WebClient ActiveX Control Location URL Parameter Parsing Remote Code Execution

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.