CVE Vulnerability

CVE-2007-6033

Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs.

9 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://www.digitalbond.com/index.php/2007/11/19/wonderware-intouch-80-netdde-vulnerability-s4-preview/
http://pacwest.wonderware.com/web/News/NewsDetails.aspx?NewsThreadID=2&NewsID=201804
http://www.kb.cert.org/vuls/id/138633 US Government Resource
http://www.securityfocus.com/bid/26496
http://secunia.com/advisories/27751 Vendor Advisory
http://osvdb.org/42398
Configurations

Configuration 1

cpe:2.3:a:wonderware:intouch:8.0:*:*:*:*:*:*:*
Information

Published : 2007-11-20 02:46

Updated : 2008-11-15 05:00

NVD link : CVE-2007-6033

Mitre link : CVE-2007-6033

Products Affected
No products.
CWE
CWE-732