Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.01436
Percentile:
0.79815
CVSS Scoring
CVSS v3.1 Score: 8.8
Severity: HIGH
Mapped CWE(s)
-
CWE-732
: Incorrect Permission Assignment for Critical Resource
All CAPEC(s)
-
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
-
CAPEC-122: Privilege Abuse
-
CAPEC-127: Directory Indexing
-
CAPEC-17: Using Malicious Files
-
CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels
-
CAPEC-206: Signing Malicious Code
-
CAPEC-234: Hijacking a privileged process
-
CAPEC-60: Reusing Session IDs (aka Session Replay)
-
CAPEC-61: Session Fixation
-
CAPEC-62: Cross Site Request Forgery
-
CAPEC-642: Replace Binaries
CAPEC(s) with Mapped TTPs
-
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
Mapped TTPs:
-
T1574.010
: Services File Permissions Weakness
-
CAPEC-122: Privilege Abuse
Mapped TTPs:
-
T1548
: Abuse Elevation Control Mechanism
-
CAPEC-127: Directory Indexing
Mapped TTPs:
-
T1083
: File and Directory Discovery
-
CAPEC-17: Using Malicious Files
Mapped TTPs:
-
T1574.005
: Executable Installer File Permissions Weakness
-
T1574.010
: Services File Permissions Weakness
-
CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels
Mapped TTPs:
-
T1574.010
: Services File Permissions Weakness
-
CAPEC-206: Signing Malicious Code
Mapped TTPs:
-
CAPEC-60: Reusing Session IDs (aka Session Replay)
Mapped TTPs:
-
CAPEC-642: Replace Binaries
Mapped TTPs:
-
T1505.005
: Terminal Services DLL
-
T1554
: Compromise Host Software Binary
-
T1574.005
: Executable Installer File Permissions Weakness
Mapped ATT&CK TTPs
-
T1574.010
: Services File Permissions Weakness
Kill Chain: persistence
-
T1548
: Abuse Elevation Control Mechanism
Kill Chain: privilege-escalation
-
T1083
: File and Directory Discovery
Kill Chain: discovery
-
T1574.005
: Executable Installer File Permissions Weakness
Kill Chain: persistence
-
T1574.010
: Services File Permissions Weakness
Kill Chain: persistence
-
T1574.010
: Services File Permissions Weakness
Kill Chain: persistence
-
T1553.002
: Code Signing
Kill Chain: defense-evasion
-
T1134.001
: Token Impersonation/Theft
Kill Chain: defense-evasion
-
T1550.004
: Web Session Cookie
Kill Chain: defense-evasion
-
T1505.005
: Terminal Services DLL
Kill Chain: persistence
-
T1554
: Compromise Host Software Binary
Kill Chain: persistence
-
T1574.005
: Executable Installer File Permissions Weakness
Kill Chain: persistence
Malware
APTs Threat Group Associations
Campaigns
- Operation Wocao
- APT41 DUST
- SolarWinds Compromise
- Operation CuckooBees
- Operation Honeybee
- 2016 Ukraine Electric Power Attack
- RedDelta Modified PlugX Infection Chain Operations
- Operation Dream Job
- C0015
- Night Dragon
- HomeLand Justice
- Cutting Edge
- KV Botnet Activity
Affected Products
- cpe:2.3:a:wonderware:intouch:8.0:*:*:*:*:*:*:*
← Back to Home