Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-5163

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2011-5163
Last Modified 17 Dec 2012 12:00:00
Published 15 Sep 2012 01:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2011-5163

Summary

Buffer overflow in an unspecified third-party component in the Batch module for Schneider Electric CitectSCADA before 7.20 and Mitsubishi MX4 SCADA before 7.20 allows local users to execute arbitrary code via a long string in a login sequence.

Vulnerable Systems

Application

  • Mitsubishi-automation Mx4 Scada 7.10

  • Schneider-electic Citectscada 7.10

  • Schneider-electric Citectscada 7.10


References

CONFIRM - https://my.mitsubishi-automation.com/downloads_show.php?portal_id=1&doc_type=safety&scat=2&sstr=MX4,SCADA

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-02.pdf

SECTRACK - 1026306

OSVDB - 76937

CONFIRM - http://www.citect.com/citectscada-batch

SECUNIA - 46786

SECUNIA - 46779


Last Updated: 27 May 2016 10:55:02