Info

Disclosure

May 17, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Multiple DeltaV products contain a flaw that is triggered by an insecure method within an unspecified ActiveX control, which may allow an attacker to overwrite arbitrary files.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Private
Disclosure: Vendor Verified
OSVDB: SCADA

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.

Products

Emerson Electric Co.	DeltaV Workstations	9.3.1
		10.3.1
		11.3
		11.3.1
	DeltaV	9.3.1
		10.3.1
		11.3
		11.3.1
	DeltaV ProEssentials Scientific Graph	5.0.0.6

References

CVE ID: 2012-1818 (see also: NVD)
Secunia Advisory ID: 49210
Bugtraq ID: 53591
Related OSVDB ID: 81996 82011 82012 82013
Other Advisory URL: http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-01.pdf [ Link is 404 ]
http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/82014

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Emerson Electric Co.

DeltaV Workstations

DeltaV

DeltaV ProEssentials Scientific Graph

References

Credit