Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4035

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-4035
Last Modified 16 Feb 2012 11:09:47
Published 02 Dec 2011 06:55:05
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4035

Summary

Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Systems

Application

  • Schneider-electric Citecthistorian 4.20

  • Schneider-electric Citecthistorian 4.30

  • Schneider-electric Citectscada Reports 4.0

  • Schneider-electric Citectscada Reports 4.10

  • Schneider-electric Vijeo Historian 4.0

  • Schneider-electric Vijeo Historian 4.10

  • Schneider-electric Vijeo Historian 4.20

  • Schneider-electric Vijeo Historian 4.30


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf

CONFIRM - http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page

CONFIRM - http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695

XF - schneider-unspec-xss(71503)


Last Updated: 27 May 2016 10:58:16