Unrated severityNVD Advisory· Published Feb 10, 2012· Updated Apr 29, 2026

CVE-2011-4039

Description

Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access violation."

Affected products

Dreamreport/Dream Report4 versions
cpe:2.3:a:dreamreport:dream_report:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:dreamreport:dream_report:*:*:*:*:*:*:*:*range: <=3.43
- cpe:2.3:a:dreamreport:dream_report:3.21:*:*:*:*:*:*:*
- cpe:2.3:a:dreamreport:dream_report:3.41:*:*:*:*:*:*:*
- cpe:2.3:a:dreamreport:dream_report:3.42:*:*:*:*:*:*:*
Invensys/Wonderware Hmi Reports
cpe:2.3:a:invensys:wonderware_hmi_reports:*:*:*:*:*:*:*:*
Range: <=3.42.835.0304

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/47742nvdVendor Advisory
secunia.com/advisories/47933nvdVendor Advisory
www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdfnvdUS Government Resource
www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdfnvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000