Lucene search

[email protected]CVE-2011-5163

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2011-5163

2022-10-0316:15:12

CWE-119

[email protected]

web.nvd.nist.gov

cve-2011-5163

buffer overflow

schneider electric

citectscada

mitsubishi mx4 scada

arbitrary code execution

nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

16.0%

JSON

Buffer overflow in an unspecified third-party component in the Batch module for Schneider Electric CitectSCADA before 7.20 and Mitsubishi MX4 SCADA before 7.20 allows local users to execute arbitrary code via a long string in a login sequence.

Affected configurations

NVD

Node

mitsubishi-automationmx4_scadaRange≤7.10

schneider-electriccitectscadaRange≤7.10

CPENameOperatorVersion
mitsubishi-automation:mx4_scadamitsubishi-automation mx4 scadale7.10
schneider-electric:citectscadaschneider-electric citectscadale7.10

CPE	Name	Operator	Version
mitsubishi-automation:mx4_scada	mitsubishi-automation mx4 scada	le	7.10
schneider-electric:citectscada	schneider-electric citectscada	le	7.10

References

secunia.com/advisories/46779

secunia.com/advisories/46786

www.citect.com/citectscada-batch

www.osvdb.org/76937

www.securitytracker.com/id?1026306

www.us-cert.gov/control_systems/pdf/ICSA-11-279-02.pdf

my.mitsubishi-automation.com/downloads_show.php?portal_id=1&doc_type=safety&scat=2&sstr=MX4%2CSCADA

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

16.0%

JSON

Related for CVE-2011-5163

prion1 nvd1 cvelist1