Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3330

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2011-3330
Last Modified 07 Nov 2011 12:00:00
Published 04 Nov 2011 05:55:03
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2011-3330

Summary

Buffer overflow in the UnitelWay Windows Device Driver, as used in Schneider Electric Unity Pro 6 and earlier, OPC Factory Server 3.34, Vijeo Citect 7.20 and earlier, Telemecanique Driver Pack 2.6 and earlier, Monitor Pro 7.6 and earlier, and PL7 Pro 4.5 and earlier, allows local users, and possibly remote attackers, to execute arbitrary code via an unspecified system parameter.

Vulnerable Systems

Application

  • Schneider-electric Monitor Pro 7.6

  • Schneider-electric Opc Factory Server 3.34

  • Schneider-electric Pl7 Pro 4.5

  • Schneider-electric Telemecanique Driver Pack 2.6

  • Schneider-electric Unity Pro 6.0

  • Schneider-electric Vijeo Citect 7.20


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-11-277-01.pdf

XF - schneider-unitelway-bo(70882)

SECTRACK - 1026234

BID - 50319

CONFIRM - http://www.scada.schneider-electric.com/sites/scada/en/login/vijeo-citect-unitelway-windows-device-driver.page

SECUNIA - 46534


Last Updated: 27 May 2016 10:57:42