Lucene search

CertccCVE-2011-4874

HistoryApr 13, 2012 - 10:41 a.m.

CVE-2011-4874

2012-04-1310:41:49

CWE-399

certcc

web.nvd.nist.gov

cve-2011-4874

vulnerability

microsys promotic

user-assisted

remote attackers

execute arbitrary code

denial of service

data corruption

application crash

crafted project

.pra file

nvd

CVSS2

7.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

High

EPSS

0.046

Percentile

92.6%

JSON

Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file.

Affected configurations

Nvd

Node

microsyspromoticRange≤8.1.6

microsyspromoticMatch8.0.0

microsyspromoticMatch8.0.1

microsyspromoticMatch8.0.2

microsyspromoticMatch8.0.3

microsyspromoticMatch8.0.4

microsyspromoticMatch8.0.5

microsyspromoticMatch8.0.6

microsyspromoticMatch8.0.7

microsyspromoticMatch8.0.8

microsyspromoticMatch8.0.9

microsyspromoticMatch8.0.10

microsyspromoticMatch8.0.11

microsyspromoticMatch8.0.12

microsyspromoticMatch8.0.13

microsyspromoticMatch8.1.0

microsyspromoticMatch8.1.1

microsyspromoticMatch8.1.2

microsyspromoticMatch8.1.3

microsyspromoticMatch8.1.4

microsyspromoticMatch8.1.5

VendorProductVersionCPE
microsyspromotic*cpe:2.3:a:microsys:promotic:*:*:*:*:*:*:*:*
microsyspromotic8.0.0cpe:2.3:a:microsys:promotic:8.0.0:*:*:*:*:*:*:*
microsyspromotic8.0.1cpe:2.3:a:microsys:promotic:8.0.1:*:*:*:*:*:*:*
microsyspromotic8.0.2cpe:2.3:a:microsys:promotic:8.0.2:*:*:*:*:*:*:*
microsyspromotic8.0.3cpe:2.3:a:microsys:promotic:8.0.3:*:*:*:*:*:*:*
microsyspromotic8.0.4cpe:2.3:a:microsys:promotic:8.0.4:*:*:*:*:*:*:*
microsyspromotic8.0.5cpe:2.3:a:microsys:promotic:8.0.5:*:*:*:*:*:*:*
microsyspromotic8.0.6cpe:2.3:a:microsys:promotic:8.0.6:*:*:*:*:*:*:*
microsyspromotic8.0.7cpe:2.3:a:microsys:promotic:8.0.7:*:*:*:*:*:*:*
microsyspromotic8.0.8cpe:2.3:a:microsys:promotic:8.0.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsys	promotic	*	cpe:2.3:a:microsys:promotic::::::::
microsys	promotic	8.0.0	cpe:2.3:a:microsys:promotic:8.0.0:::::::*
microsys	promotic	8.0.1	cpe:2.3:a:microsys:promotic:8.0.1:::::::*
microsys	promotic	8.0.2	cpe:2.3:a:microsys:promotic:8.0.2:::::::*
microsys	promotic	8.0.3	cpe:2.3:a:microsys:promotic:8.0.3:::::::*
microsys	promotic	8.0.4	cpe:2.3:a:microsys:promotic:8.0.4:::::::*
microsys	promotic	8.0.5	cpe:2.3:a:microsys:promotic:8.0.5:::::::*
microsys	promotic	8.0.6	cpe:2.3:a:microsys:promotic:8.0.6:::::::*
microsys	promotic	8.0.7	cpe:2.3:a:microsys:promotic:8.0.7:::::::*
microsys	promotic	8.0.8	cpe:2.3:a:microsys:promotic:8.0.8:::::::*

Rows per page:

1-10 of 211

References

www.promotic.eu/en/pmdoc/News.htm#ver80107

www.securityfocus.com/bid/52988

www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdf

exchange.xforce.ibmcloud.com/vulnerabilities/74846

CVSS2

7.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

High

EPSS

0.046

Percentile

92.6%

JSON

Related for CVE-2011-4874