CVE-2012-0258

N/A Unknown
Published: April 02, 2012 Modified: April 29, 2026
View on NVD

Description

Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Information Server 4.5 and earlier, ArchestrA Application Object Toolkit 3.2 and earlier, and InTouch 10.0 through 10.5 might allow remote attackers to execute arbitrary code via a long string to the AddFile member.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://osvdb.org/80891
Source: cret@cert.org
http://secunia.com/advisories/48675
Source: cret@cert.org
http://www.us-cert.gov/control_systems/pdf/ICSA-12-081-01.pdf
Source: cret@cert.org
US Government Resource
https://wdnresource.wonderware.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000071.pdf
Source: cret@cert.org
http://osvdb.org/80891
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/48675
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.us-cert.gov/control_systems/pdf/ICSA-12-081-01.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
https://wdnresource.wonderware.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000071.pdf
Source: af854a3a-2127-422b-91ae-364da2661108

8 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
3.2%
87th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-119

Affected Vendors

invensys

Related CVEs

CVE-2026-9677 N/A
CVE-2026-13245 6.1
CVE-2026-12404 5.3
CVE-2026-10820 N/A
CVE-2026-12415 9.8