CVE-2011-4870
Summary
| CVE | CVE-2011-4870 |
|---|---|
| State | PUBLISHED |
| Assigner | certcc |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2012-01-08 00:55:02 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | Multiple buffer overflows in the (1) GUIControls, (2) BatchObjSrv, and (3) BatchSecCtrl ActiveX controls in Invensys Wonderware InBatch 9.0 and 9.0 SP1, and InBatch 8.1 SP1, 9.0 SP2, and 9.5 Server and Runtime Clients, allow remote attackers to execute arbitrary code via a long string in a property value, a different issue than CVE-2011-3141. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:M/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Invensys | Wonderware Inbatch | 8.1 | sp1 | All | All |
| Application | Invensys | Wonderware Inbatch | 9.0 | All | All | All |
| Application | Invensys | Wonderware Inbatch | 9.0 | sp1 | All | All |
| Application | Invensys | Wonderware Inbatch | 9.0 | sp2 | All | All |
| Application | Invensys | Wonderware Inbatch | 9.5 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Invensys Wonderware inBatch BatchField ActiveX Control Multiple Buffer Overflow Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| 404 - File Not Found | CISA | af854a3a-2127-422b-91ae-364da2661108 | www.us-cert.gov | US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.