VAR-201210-0405
Vulnerability from variot - Updated: 2023-12-18 13:29Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0227. Reason: This candidate is a duplicate of CVE-2012-0227. Notes: All CVE users should reference CVE-2012-0227 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Open Automation Software OPC Systems.NET Used in ComponentOne FlexGrid of VSFlex7.VSFlexGrid ActiveX The control contains a buffer overflow vulnerability.By a third party Archive Denial of service via an excessively long archive filename argument to the method (DoS) Could be put into a state and execute arbitrary code. OPC Systems.NET is a .NET product for SCADA, HMI. The ComponentOne FlexGrid ActiveX control has a buffer overflow that allows an attacker to exploit a vulnerability to construct a malicious link that tricks the user into parsing and executing arbitrary code in the context of the application. ComponentOne FlexGrid ActiveX Control is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. ComponentOne FlexGrid 7.1 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201210-0405",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "flexgrid",
"scope": "eq",
"trust": 1.7,
"vendor": "componentone",
"version": "7.1"
},
{
"model": "flexgrid light",
"scope": "eq",
"trust": 0.9,
"vendor": "componentone",
"version": "7.1"
},
{
"model": "systems opc systems.net",
"scope": "eq",
"trust": 0.9,
"vendor": "opc",
"version": "0"
},
{
"model": "opc systems.net",
"scope": null,
"trust": 0.8,
"vendor": "open automation",
"version": null
},
{
"model": "opcsystems.net",
"scope": "eq",
"trust": 0.6,
"vendor": "opcsystems",
"version": null
},
{
"model": "opcsystems.net",
"scope": "eq",
"trust": 0.6,
"vendor": "opcsystems",
"version": "4.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0339"
},
{
"db": "BID",
"id": "51601"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004846"
},
{
"db": "CNNVD",
"id": "CNNVD-201210-077"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:componentone:flexgrid",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:opcsystems:opcsystems.net",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004846"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alexandr Polyakov from DSecRG",
"sources": [
{
"db": "BID",
"id": "51601"
}
],
"trust": 0.3
},
"cve": "CVE-2012-5311",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2012-5311",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-5311",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201210-077",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004846"
},
{
"db": "CNNVD",
"id": "CNNVD-201210-077"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0227. Reason: This candidate is a duplicate of CVE-2012-0227. Notes: All CVE users should reference CVE-2012-0227 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Open Automation Software OPC Systems.NET Used in ComponentOne FlexGrid of VSFlex7.VSFlexGrid ActiveX The control contains a buffer overflow vulnerability.By a third party Archive Denial of service via an excessively long archive filename argument to the method (DoS) Could be put into a state and execute arbitrary code. OPC Systems.NET is a .NET product for SCADA, HMI. The ComponentOne FlexGrid ActiveX control has a buffer overflow that allows an attacker to exploit a vulnerability to construct a malicious link that tricks the user into parsing and executing arbitrary code in the context of the application. ComponentOne FlexGrid ActiveX Control is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. \nComponentOne FlexGrid 7.1 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-5311"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004846"
},
{
"db": "CNVD",
"id": "CNVD-2012-0339"
},
{
"db": "BID",
"id": "51601"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-5311",
"trust": 2.7
},
{
"db": "BID",
"id": "51601",
"trust": 1.5
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004846",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2012-0339",
"trust": 0.6
},
{
"db": "XF",
"id": "72604",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "21082",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201210-077",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-012-01A",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0339"
},
{
"db": "BID",
"id": "51601"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004846"
},
{
"db": "NVD",
"id": "CVE-2012-5311"
},
{
"db": "CNNVD",
"id": "CNNVD-201210-077"
}
]
},
"id": "VAR-201210-0405",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0339"
}
],
"trust": 1.1064814833333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0339"
}
]
},
"last_update_date": "2023-12-18T13:29:56.044000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.componentone.com/"
},
{
"title": "OPC SYSTEMS.NET",
"trust": 0.8,
"url": "http://www.opcsystems.net/opc_systems_net.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004846"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004846"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.5,
"url": "http://dsecrg.com/pages/vul/show.php?id=406"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5311"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5311"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/72604"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/51601"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/21082"
},
{
"trust": 0.3,
"url": "http://www.componentone.com/"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/kb/240797"
},
{
"trust": 0.3,
"url": "www.opcsystems.net"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-012-01a.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0339"
},
{
"db": "BID",
"id": "51601"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004846"
},
{
"db": "CNNVD",
"id": "CNNVD-201210-077"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2012-0339"
},
{
"db": "BID",
"id": "51601"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004846"
},
{
"db": "NVD",
"id": "CVE-2012-5311"
},
{
"db": "CNNVD",
"id": "CNNVD-201210-077"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-02-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0339"
},
{
"date": "2012-01-20T00:00:00",
"db": "BID",
"id": "51601"
},
{
"date": "2012-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004846"
},
{
"date": "2012-10-08T17:55:01.010000",
"db": "NVD",
"id": "CVE-2012-5311"
},
{
"date": "2012-10-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201210-077"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-02-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0339"
},
{
"date": "2012-10-10T18:20:00",
"db": "BID",
"id": "51601"
},
{
"date": "2012-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004846"
},
{
"date": "2023-11-07T02:12:31.027000",
"db": "NVD",
"id": "CVE-2012-5311"
},
{
"date": "2012-10-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201210-077"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201210-077"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ComponentOne FlexGrid ActiveX Control Buffer Overflow Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0339"
},
{
"db": "BID",
"id": "51601"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201210-077"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…