Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2013.0030 A number of vulnerabilities have been identified in Invensys Wonderware Intelligence Tableau Server 26 February 2013 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Invensys Wonderware Intelligence Tableau Server Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Unauthorised Access -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2013-0156 CVE-2013-0155 Member content until: Thursday, March 28 2013 Reference: ESB-2013.0084 ESB-2013.0069 ESB-2013.0059 OVERVIEW A number of vulnerabilities have been identified in Invensys Wonderware Intelligence Tableau Server up to version 1.5 SP1. [1] IMPACT ICS-CERT has provided the following details regarding these vulnerabilities: "PERMISSIONS, PRIVLEGES, AND ACCESS CONTROLS Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation. This difference in parameter handling allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain [nil] values. CVE-2013-0155 has been assigned to this vulnerability. A CVSS v2 base score of 6.4 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:P/I:P/A:N)." [1] "INPUT VALIDATION Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values. By leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, an attacker can conduct object-injection attacks and execute arbitrary code or cause a denial of service involving nested XML entity references. CVE-2013-0156 has been assigned to this vulnerability. A CVSS v2 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:P/I:P/A:P)." [1] ICS-CERT has stated that while there are no known exploits for these vulnerabilities, "... an attacker with a low skill would be able to exploit these vulnerabilities." [1] MITIGATION ICS-CERT recommends that administrators apply the available security update. ICS-CERT has also stated that "Customers currently using a version older than 1.5 SP1 are required to obtain a new license." [1] REFERENCES [1] ICSA-13-036-01A - WONDERWARE INTELLIGENCE TABLEAU SERVER RUBY ON RAILS IMPROPER INPUT VALIDATION http://ics-cert.us-cert.gov/pdf/ICSA-13-036-01A.pdf AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUSwqnO4yVqjM2NGpAQI69BAAmEer2tDRUJMUVCWlguOwlvmj6nNZPDsp DV1Xb6NOwg2ZpGmREXS15go/er7g1QcV8eAxwlFbh0QzbUHuPcJe5eKFkhBIYQpo CLpwVuxCfwzDAZ6o/UJQVfwn43FkC88lSFAxBrYRJIOljDLvLJpUucyXlSXGsapK Ar3mfBsgMjcPNK/TXa8/krXS6Eq1NpL41I9OTmQtjTRyc+qfjdSehkk2N3lh8yVh 6lgHmZA496D+YbhK+lBbUxpRTkS044W/K/4H7yNHJlrY8vhTOUErXkfkcjmEJkAh i0cJC9Ym07HKFrIT+Gv4FOHiaEHQOu6TvK3Cw3/hZAPMhxfPJbLzWINH5Y1XLPwl FtzDPxPnCIPQjdp7+cGkt0IvlQpBzVCuR8VL3d3ulSBrUliPFIHLdeVKmpGVrLxP TjgXGdPo1tt8x/pJVn/HKk61E69lGd+UJiqF9AhDbAltBfXb+afHwjsMWhaiSSJj kbi8C2SsTJ1h4LltLYOaDBu59vV4Cwh64G+Jf9nvqdoQAMuKeWxv25MVagNFnBtj fovWvP7Ls+yYV+JF2p3AGp5PlqIRkFLCXrD2shFFxguGPXJEkLGSLYzEykM2WRL/ VxHyyVFDqRKBlgCzzI4jZKcDZpIb4warvbZIVfwe2/GfbPb386QuiYCfokfoZW00 Vq72hR0lYXA= =lytC -----END PGP SIGNATURE-----