Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4051

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2011-4051
Last Modified 08 Dec 2011 12:00:00
Published 05 Dec 2011 06:55:06
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4051

Summary

CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.

Vulnerable Systems

Application

  • Indusoft Web Studio 6.1

  • Indusoft Web Studio 7.0


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf

MISC - http://www.zerodayinitiative.com/advisories/ZDI-11-330/

CONFIRM - http://www.indusoft.com/hotfixes/hotfixes.php


Last Updated: 27 May 2016 10:57:48