Test ID: | 1.3.6.1.4.1.25623.1.0.802537 |
Category: | General |
Title: | InduSoft Web Studio Multiple Remote Code Execution Vulnerabilities |
Summary: | This host is installed with InduSoft Web Studio and is prone to multiple remote code execution vulnerabilities. |
Description: |
Summary: This host is installed with InduSoft Web Studio and is prone to multiple remote code execution vulnerabilities.

Vulnerability Insight: The flaws are due to:
- An error in 'CEServer component'. When handling the remove File operation (0x15), the process blindly copies user-supplied data to a fixed-length buffer on the stack.
- An error in the remote agent component (CEServer.exe). When handling incoming requests, the process fails to perform any type of authentication, which allows direct manipulation and creation of files on disk, loading of arbitrary DLLs and process control.

Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary code within the context of the affected application.

Affected Software/OS: InduSoft Web Studio version 6.1 and 7.0.

Solution: Install the hotfix.

CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref: |
- BugTraq ID: 50675
- BugTraq ID: 50677
- Common Vulnerability Exposure (CVE) ID: CVE-2011-4051
  - http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf
  - http://www.zerodayinitiative.com/advisories/ZDI-11-330/
- Common Vulnerability Exposure (CVE) ID: CVE-2011-4052
  - http://www.zerodayinitiative.com/advisories/ZDI-11-329/
Copyright | Copyright (C) 2011 Greenbone Networks GmbH |