Vulnerability Details : CVE-2007-6033
Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs.
Products affected by CVE-2007-6033
- cpe:2.3:a:wonderware:intouch:8.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-6033
0.43%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 74 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-6033
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST | 2024-01-25 |
CWE ids for CVE-2007-6033
-
Assigned by: nvd@nist.gov (Primary)
-
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-6033
-
http://www.kb.cert.org/vuls/id/138633
VU#138633 - Invensys Wonderware InTouch creates insecure NetDDE shareThird Party Advisory;US Government Resource
-
http://www.digitalbond.com/index.php/2007/11/19/wonderware-intouch-80-netdde-vulnerability-s4-preview/
Digital Bond Archives - Dale Peterson: ICS Security CatalystNot Applicable
-
http://pacwest.wonderware.com/web/News/NewsDetails.aspx?NewsThreadID=2&NewsID=201804
Broken Link
-
http://www.securityfocus.com/bid/26496
Broken Link;Third Party Advisory;VDB Entry
-
http://secunia.com/advisories/27751
About Secunia Research | FlexeraBroken Link;Vendor Advisory
-
http://osvdb.org/42398
Broken Link
Jump to