Description
Stack-based buffer overflow in the IConfigurationAccess interface in the Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control in Wonderware Application Server (WAS) before 3.1 SP2 P01, as used in the Wonderware Archestra Integrated Development Environment (IDE) and the InFusion Integrated Engineering Environment (IEE), allows remote attackers to execute arbitrary code via the first argument to the UnsubscribeData method.
References (4)
Core 4
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/703189
Vendor Advisory x_refsource_confirm
http://www.pacwest.wonderware.com/web/News/NewsDetails.aspx?NewsID=203108
Various Sources x_refsource_confirm
https://wdnresource.wonderware.com/support/kbcd/html/1/t002492.htm
Third Party Advisory, US Government Resource x_refsource_confirm
http://www.kb.cert.org/vuls/id/MORO-87MHPT
Scores
EPSS
0.0448
EPSS Percentile
90.4%
Details
CWE
CWE-119
Status
published
Products (6)
invensys/wonderware_application_server
2.0
invensys/wonderware_application_server
2.1
invensys/wonderware_application_server
3.0
invensys/wonderware_application_server
3.1 (2 CPE variants)
invensys/wonderware_application_server
< 3.1
invensys/wonderware_archestra_configuration_access_component_activex_control
Published
Aug 05, 2010
Tracked Since
Feb 18, 2026