Multiple DeltaV Products Multiple Remote Vulnerabilities

Bugtraq ID:	53591
Class:	Input Validation Error
CVE:	CVE-2012-1814 CVE-2012-1815 CVE-2012-1816 CVE-2012-1817 CVE-2012-1818
Remote:	Yes
Local:	No
Published:	May 16 2012 12:00AM
Updated:	May 30 2012 10:50PM
Credit:	Kuang-Chun Hung of Security Research and Service Institute.
Vulnerable:	Emerson Electric Co DeltaV Workstations 9 Emerson Electric Co DeltaV Workstations 11 Emerson Electric Co DeltaV Workstations 10 Emerson Electric Co DeltaV ProEssentials Scientific Graph 5 Emerson Electric Co DeltaV 9 Emerson Electric Co DeltaV 11 Emerson Electric Co DeltaV 10
Not Vulnerable:

Multiple DeltaV Products Multiple Remote Vulnerabilities

Multiple DeltaV Products are prone to multiple remote vulnerabilities.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, to access or modify data, to exploit latent vulnerabilities in the underlying database, to execute arbitrary code, to overwrite arbitrary files on the victim's computer in the context of the vulnerable application that is using the ActiveX control (typically Internet Explorer),or to cause a denial-of-service condition. Other attacks are possible.

Multiple DeltaV Products Multiple Remote Vulnerabilities

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Multiple DeltaV Products Multiple Remote Vulnerabilities

References:

• Emerson Electric Co Homepage (Emerson Electric Co)
  
• ICSA-12-138-01�??EMERSON DELTAV MULTIPLE VULNERABILITIES (US-CERT)