CVE-2010-2974

Wonderware Archestra <3.1 SP2 P01 - RCE

Title source: llm
STIX 2.1

Description

Stack-based buffer overflow in the IConfigurationAccess interface in the Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control in Wonderware Application Server (WAS) before 3.1 SP2 P01, as used in the Wonderware Archestra Integrated Development Environment (IDE) and the InFusion Integrated Engineering Environment (IEE), allows remote attackers to execute arbitrary code via the first argument to the UnsubscribeData method.

References (4)

Core 4
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/703189
Third Party Advisory, US Government Resource x_refsource_confirm
http://www.kb.cert.org/vuls/id/MORO-87MHPT

Scores

EPSS 0.0448
EPSS Percentile 90.4%

Details

CWE
CWE-119
Status published
Products (6)
invensys/wonderware_application_server 2.0
invensys/wonderware_application_server 2.1
invensys/wonderware_application_server 3.0
invensys/wonderware_application_server 3.1 (2 CPE variants)
invensys/wonderware_application_server < 3.1
invensys/wonderware_archestra_configuration_access_component_activex_control
Published Aug 05, 2010
Tracked Since Feb 18, 2026