CVE-2011-4051

{"id": "CVE-2011-4051", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-12-05T11:55:06.600", "references": [{"url": "http://www.indusoft.com/hotfixes/hotfixes.php", "tags": ["Patch"], "source": "cret@cert.org"}, {"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-330/", "tags": ["Patch"], "source": "cret@cert.org"}, {"url": "http://www.indusoft.com/hotfixes/hotfixes.php", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-330/", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control."}, {"lang": "es", "value": "El componente de CEServer en el m\u00f3dulo de agente remoto en InduSoft Web Studio v6.1 y v7.0 no requiere autenticaci\u00f3n, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores relacionados con la creaci\u00f3n de un archivo, la carga de un archivo DLL, y el control de procesos."}], "lastModified": "2024-11-21T01:31:45.700", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:indusoft:web_studio:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82BF1958-F098-4E55-B97C-F15253A63228"}, {"criteria": "cpe:2.3:a:indusoft:web_studio:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9033E5E6-3FC5-448A-BA52-A03DDEA638A6"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}