CVE-2011-4044

An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:P

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.pcvuesolutions.com/index.php?option=com_content&view=article&id=244&Itemid=257	Vendor Advisory
http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf	US Government Resource
https://support.pcvuescada.com/index.php?option=com_k2&view=item&id=512&Itemid=440

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:arcinfo:frontvue:-:::::::*
	cpe:2.3:a:arcinfo:pcvue:6.0:::::::*
	cpe:2.3:a:arcinfo:pcvue:8.2:::::::*
	cpe:2.3:a:arcinfo:pcvue:9.0:::::::*
	cpe:2.3:a:arcinfo:pcvue:10.0:::::::*
	cpe:2.3:a:arcinfo:plantvue:-:::::::*

History

No history.

Information

Published : 2012-04-03 03:44

Updated : 2024-02-28 12:00

NVD link : CVE-2011-4044

Mitre link : CVE-2011-4044

CVE.ORG link : CVE-2011-4044

JSON object : View

Products Affected

arcinfo

plantvue
frontvue
pcvue

CWE

NVD-CWE-noinfo

{"id": "CVE-2011-4044", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-04-03T03:44:36.023", "references": [{"url": "http://www.pcvuesolutions.com/index.php?option=com_content&view=article&id=244&Itemid=257", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "https://support.pcvuescada.com/index.php?option=com_k2&view=item&id=512&Itemid=440", "source": "cret@cert.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods."}, {"lang": "es", "value": "Control ActiveX no determinado en SVUIGrd.ocx en ARC Informatique PcVue v6.0 hasta v10.0, FrontVue, y PlantVue permite a atacantes remotos modificar ficheros a trav\u00e9s de llamadas a m\u00e9todos no determinados."}], "lastModified": "2012-04-03T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arcinfo:frontvue:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B70D1F4-70EC-4AA9-8C9E-2D98A64443AF"}, {"criteria": "cpe:2.3:a:arcinfo:pcvue:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEA0A812-C7F7-4651-9290-EFB099D111C8"}, {"criteria": "cpe:2.3:a:arcinfo:pcvue:8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9CA6F24-A3D3-4FE7-80C9-625BE5DDFAC2"}, {"criteria": "cpe:2.3:a:arcinfo:pcvue:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1719190-35E4-4056-AC19-ED8C3190BF6F"}, {"criteria": "cpe:2.3:a:arcinfo:pcvue:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "210BA70E-D58C-446C-8701-94089B844DB0"}, {"criteria": "cpe:2.3:a:arcinfo:plantvue:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4005489C-7D69-40A1-9CAE-EB95251BE6D4"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}