10

CVE-2011-4051

EPSS 74.79%
Veröffentlicht 05.12.2011 11:55:06
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cret@cert.org
CVE-Watchlists
Login
Unerledigt
Login

CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Indusoft ≫ Web Studio Version6.1

Indusoft ≫ Web Studio Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	74.79%	0.988

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.indusoft.com/hotfixes/hotfixes.php

Patch

http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf

US Government Resource

http://www.zerodayinitiative.com/advisories/ZDI-11-330/

Patch

https://nvd.nist.gov/vuln/detail/CVE-2011-4051

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-4051

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-4051

EUVD