exploitDog

CVE-2011-4051

Опубликовано: 05 дек. 2011

Источник: nvd

CVSS2: 10

EPSS Высокий

Описание

CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.

Ссылки

http://www.indusoft.com/hotfixes/hotfixes.php
Patch
http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf
US Government Resource
http://www.zerodayinitiative.com/advisories/ZDI-11-330/
Patch
http://www.indusoft.com/hotfixes/hotfixes.php
Patch
http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf
US Government Resource
http://www.zerodayinitiative.com/advisories/ZDI-11-330/
Patch

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:indusoft:web_studio:6.1:*:*:*:*:*:*:*

cpe:2.3:a:indusoft:web_studio:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.73429

Высокий

10 Critical

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-mx3h-2chv-mcx2

github

больше 3 лет назад

CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.

EPSS

Процентиль: 99%

0.73429

Высокий

10 Critical

CVSS2

Дефекты

CWE-287