Search criteria
6 vulnerabilities found for wonderware_hmi_reports by invensys
FKIE_CVE-2011-4039
Vulnerability from fkie_nvd - Published: 2012-02-10 19:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access violation."
References
| URL | Tags | ||
|---|---|---|---|
| cret@cert.org | http://secunia.com/advisories/47742 | Vendor Advisory | |
| cret@cert.org | http://secunia.com/advisories/47933 | Vendor Advisory | |
| cret@cert.org | http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf | US Government Resource | |
| cret@cert.org | http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/47742 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/47933 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf | US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dreamreport | dream_report | * | |
| dreamreport | dream_report | 3.21 | |
| dreamreport | dream_report | 3.41 | |
| dreamreport | dream_report | 3.42 | |
| invensys | wonderware_hmi_reports | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dreamreport:dream_report:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2DD8213-B11B-48BF-A2A1-9F485F02D310",
"versionEndIncluding": "3.43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dreamreport:dream_report:3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "3E8A91FF-176F-4823-90F3-AA998F54558B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dreamreport:dream_report:3.41:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB7D92A-80CA-45C3-8A94-0FE560791D05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dreamreport:dream_report:3.42:*:*:*:*:*:*:*",
"matchCriteriaId": "2E435F35-43CA-46DE-8637-17F84D43E4AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invensys:wonderware_hmi_reports:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97C412F4-B6C6-4000-8828-16A2B0AF9262",
"versionEndIncluding": "3.42.835.0304",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a \"write access violation.\""
},
{
"lang": "es",
"value": "Invensys Wonderware HMI Reports v3.42.835.0304 y anteriores, como el usado en Ocean Data Systems Dream Report anteriores a v4.0 y otros productos permiten a atacantes remotos asistidos por usuarios, ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero defectuoso que provocar\u00e1 una \"write access violation.\"."
}
],
"id": "CVE-2011-4039",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-02-10T19:55:01.797",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47742"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47933"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-4038
Vulnerability from fkie_nvd - Published: 2012-02-10 19:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
References
| URL | Tags | ||
|---|---|---|---|
| cret@cert.org | http://secunia.com/advisories/47742 | Vendor Advisory | |
| cret@cert.org | http://secunia.com/advisories/47933 | Vendor Advisory | |
| cret@cert.org | http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf | US Government Resource | |
| cret@cert.org | http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/47742 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/47933 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf | US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dreamreport | dream_report | * | |
| dreamreport | dream_report | 3.21 | |
| dreamreport | dream_report | 3.41 | |
| dreamreport | dream_report | 3.42 | |
| invensys | wonderware_hmi_reports | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dreamreport:dream_report:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2DD8213-B11B-48BF-A2A1-9F485F02D310",
"versionEndIncluding": "3.43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dreamreport:dream_report:3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "3E8A91FF-176F-4823-90F3-AA998F54558B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dreamreport:dream_report:3.41:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB7D92A-80CA-45C3-8A94-0FE560791D05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dreamreport:dream_report:3.42:*:*:*:*:*:*:*",
"matchCriteriaId": "2E435F35-43CA-46DE-8637-17F84D43E4AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:invensys:wonderware_hmi_reports:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97C412F4-B6C6-4000-8828-16A2B0AF9262",
"versionEndIncluding": "3.42.835.0304",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Invensys Wonderware HMI Reports 3.42.835.0304 y anteriores, como el usado en Ocean Data Systems Dream Report anteriores a v4.0 y otros programas, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de par\u00e1metros no especificados.\r\n"
}
],
"id": "CVE-2011-4038",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-02-10T19:55:01.750",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47742"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47933"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2011-4038 (GCVE-0-2011-4038)
Vulnerability from cvelistv5 – Published: 2012-02-10 19:00 – Updated: 2024-09-17 04:08
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf"
},
{
"name": "47742",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47742"
},
{
"name": "47933",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47933"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-10T19:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf"
},
{
"name": "47742",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47742"
},
{
"name": "47933",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47933"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf"
},
{
"name": "47742",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47742"
},
{
"name": "47933",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47933"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4038",
"datePublished": "2012-02-10T19:00:00Z",
"dateReserved": "2011-10-13T00:00:00Z",
"dateUpdated": "2024-09-17T04:08:45.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4039 (GCVE-0-2011-4039)
Vulnerability from cvelistv5 – Published: 2012-02-10 19:00 – Updated: 2024-09-16 18:03
VLAI?
Summary
Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access violation."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf"
},
{
"name": "47742",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47742"
},
{
"name": "47933",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47933"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a \"write access violation.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-10T19:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf"
},
{
"name": "47742",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47742"
},
{
"name": "47933",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47933"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a \"write access violation.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf"
},
{
"name": "47742",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47742"
},
{
"name": "47933",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47933"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4039",
"datePublished": "2012-02-10T19:00:00Z",
"dateReserved": "2011-10-13T00:00:00Z",
"dateUpdated": "2024-09-16T18:03:52.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4038 (GCVE-0-2011-4038)
Vulnerability from nvd – Published: 2012-02-10 19:00 – Updated: 2024-09-17 04:08
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf"
},
{
"name": "47742",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47742"
},
{
"name": "47933",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47933"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-10T19:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf"
},
{
"name": "47742",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47742"
},
{
"name": "47933",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47933"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf"
},
{
"name": "47742",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47742"
},
{
"name": "47933",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47933"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4038",
"datePublished": "2012-02-10T19:00:00Z",
"dateReserved": "2011-10-13T00:00:00Z",
"dateUpdated": "2024-09-17T04:08:45.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4039 (GCVE-0-2011-4039)
Vulnerability from nvd – Published: 2012-02-10 19:00 – Updated: 2024-09-16 18:03
VLAI?
Summary
Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access violation."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf"
},
{
"name": "47742",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47742"
},
{
"name": "47933",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47933"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a \"write access violation.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-10T19:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf"
},
{
"name": "47742",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47742"
},
{
"name": "47933",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47933"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a \"write access violation.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf"
},
{
"name": "47742",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47742"
},
{
"name": "47933",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47933"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4039",
"datePublished": "2012-02-10T19:00:00Z",
"dateReserved": "2011-10-13T00:00:00Z",
"dateUpdated": "2024-09-16T18:03:52.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}