Vulnerability Name:

CVE-2012-1801 (CCN-74617)

Assigned:2012-03-23
Published:2012-03-23
Updated:2017-12-20
Summary:Multiple stack-based buffer overflows in (1) COM and (2) ActiveX controls in ABB WebWare Server, WebWare SDK, Interlink Module, S4 OPC Server, QuickTeach, RobotStudio S4, and RobotStudio Lite allow remote attackers to execute arbitrary code via crafted input data.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.7 High (CVSS v2 Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C)
6.7 Medium (Temporal CVSS v2 Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2012-1801

Source: CCN
Type: SA48693
ABB Multiple Products ActiveX Control Buffer Overflow Vulnerability

Source: SECUNIA
Type: UNKNOWN
48693

Source: CCN
Type: ABB Web Site
The ABB Group - Automation and Power Technologies

Source: CCN
Type: OSVDB ID: 80895
ABB Multiple Product Multiple Unspecified COM / ActiveX Component Overflow

Source: BID
Type: UNKNOWN
52888

Source: CCN
Type: BID-52888
Multiple ABB Products ActiveX Control Buffer Overflow Vulnerability

Source: CCN
Type: ICSA-12-095-01
ABB MULTIPLE COMPONENTS BUFFER OVERFLOW

Source: MISC
Type: US Government Resource
http://www.us-cert.gov/control_systems/pdf/ICSA-12-095-01A.pdf

Source: CCN
Type: ABB-VU-DMRO-41532
Advisory for WebWare Components and Related Products

Source: CONFIRM
Type: Vendor Advisory
http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/35df9dc4a94ae83ac12579ca0043acc1/$file/SI10231A2%20rev%200.pdf

Source: XF
Type: UNKNOWN
abb-activex-bo(74617)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:abb:interlink_module:-:*:*:*:*:*:*:*
  • OR cpe:/a:abb:quickteach:-:*:*:*:*:*:*:*
  • OR cpe:/a:abb:robotstudio_lite:-:*:*:*:*:*:*:*
  • OR cpe:/a:abb:robotstudio_s4:-:*:*:*:*:*:*:*
  • OR cpe:/a:abb:s4_opc_server:-:*:*:*:*:*:*:*
  • OR cpe:/a:abb:webware_sdk:-:*:*:*:*:*:*:*
  • OR cpe:/a:abb:webware_server:-:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:abb:webware_server:-:*:*:*:*:*:*:*
  • OR cpe:/a:abb:webware_sdk:-:*:*:*:*:*:*:*
  • OR cpe:/a:abb:s4_opc_server:-:*:*:*:*:*:*:*
  • OR cpe:/a:abb:robotstudio_s4:-:*:*:*:*:*:*:*
  • OR cpe:/a:abb:robotstudio_lite:-:*:*:*:*:*:*:*
  • OR cpe:/a:abb:quickteach:-:*:*:*:*:*:*:*
  • OR cpe:/a:abb:interlink_module:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    abb interlink module -
    abb quickteach -
    abb robotstudio lite -
    abb robotstudio s4 -
    abb s4 opc server -
    abb webware sdk -
    abb webware server -
    abb webware server -
    abb webware sdk -
    abb s4 opc server -
    abb robotstudio s4 -
    abb robotstudio lite -
    abb quickteach -
    abb interlink module -