Vulnerability CVE-2011-3330
Published: 2011-11-04   Modified: 2012-02-13

Description:
Buffer overflow in the UnitelWay Windows Device Driver, as used in Schneider Electric Unity Pro 6 and earlier, OPC Factory Server 3.34, Vijeo Citect 7.20 and earlier, Telemecanique Driver Pack 2.6 and earlier, Monitor Pro 7.6 and earlier, and PL7 Pro 4.5 and earlier, allows local users, and possibly remote attackers, to execute arbitrary code via an unspecified system parameter.

Type:

CWE-119

 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Schneider-electric -> Monitor pro 
Schneider-electric -> Opc factory server 
Schneider-electric -> Pl7 pro 
Schneider-electric -> Telemecanique driver pack 
Schneider-electric -> Unity pro 
Schneider-electric -> Vijeo citect 

 References:
http://www.us-cert.gov/control_systems/pdf/ICSA-11-277-01.pdf
http://xforce.iss.net/xforce/xfdb/70882
http://www.securitytracker.com/id?1026234
http://www.securityfocus.com/bid/50319
http://www.scada.schneider-electric.com/sites/scada/en/login/vijeo-citect-unitelway-windows-device-driver.page
http://secunia.com/advisories/46534
Copyright 2024, cxsecurity.com

 

Back to Top