Lucene search

CertccCVE-2011-3330

HistoryNov 04, 2011 - 9:55 p.m.

CVE-2011-3330

2011-11-0421:55:03

CWE-119

certcc

web.nvd.nist.gov

cve-2011-3330

buffer overflow

unitelway

schneider electric

unity pro

opc factory server

vijeo citect

telemecanique

monitor pro

pl7 pro

arbitrary code execution

security vulnerability

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.006

Percentile

78.3%

JSON

Buffer overflow in the UnitelWay Windows Device Driver, as used in Schneider Electric Unity Pro 6 and earlier, OPC Factory Server 3.34, Vijeo Citect 7.20 and earlier, Telemecanique Driver Pack 2.6 and earlier, Monitor Pro 7.6 and earlier, and PL7 Pro 4.5 and earlier, allows local users, and possibly remote attackers, to execute arbitrary code via an unspecified system parameter.

Affected configurations

Nvd

Node

schneider-electricmonitor_proRange≤7.6

schneider-electricopc_factory_serverRange≤3.34

schneider-electricpl7_proRange≤4.5sp5

schneider-electrictelemecanique_driver_packRange≤2.6

schneider-electricunity_proRange≤6.0

schneider-electricvijeo_citectRange≤7.20

VendorProductVersionCPE
schneider-electricmonitor_pro*cpe:2.3:a:schneider-electric:monitor_pro:*:*:*:*:*:*:*:*
schneider-electricopc_factory_server*cpe:2.3:a:schneider-electric:opc_factory_server:*:*:*:*:*:*:*:*
schneider-electricpl7_pro*cpe:2.3:a:schneider-electric:pl7_pro:*:sp5:*:*:*:*:*:*
schneider-electrictelemecanique_driver_pack*cpe:2.3:a:schneider-electric:telemecanique_driver_pack:*:*:*:*:*:*:*:*
schneider-electricunity_pro*cpe:2.3:a:schneider-electric:unity_pro:*:*:*:*:*:*:*:*
schneider-electricvijeo_citect*cpe:2.3:a:schneider-electric:vijeo_citect:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	monitor_pro	*	cpe:2.3:a:schneider-electric:monitor_pro::::::::
schneider-electric	opc_factory_server	*	cpe:2.3:a:schneider-electric:opc_factory_server::::::::
schneider-electric	pl7_pro	*	cpe:2.3:a:schneider-electric:pl7_pro::sp5::::::*
schneider-electric	telemecanique_driver_pack	*	cpe:2.3:a:schneider-electric:telemecanique_driver_pack::::::::
schneider-electric	unity_pro	*	cpe:2.3:a:schneider-electric:unity_pro::::::::
schneider-electric	vijeo_citect	*	cpe:2.3:a:schneider-electric:vijeo_citect::::::::

References

secunia.com/advisories/46534

www.scada.schneider-electric.com/sites/scada/en/login/vijeo-citect-unitelway-windows-device-driver.page

www.securityfocus.com/bid/50319

www.securitytracker.com/id?1026234

www.us-cert.gov/control_systems/pdf/ICSA-11-277-01.pdf

exchange.xforce.ibmcloud.com/vulnerabilities/70882

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.006

Percentile

78.3%

JSON

Related for CVE-2011-3330