CyberSec.Space Logo
Back to CVE Browser

CVE-2011-4051

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1010%
EPSS Percentile30.15th
PublishedDec 5, 2011
Last ModifiedApr 29, 2026

Vulnerability Description

CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.

Affected Platforms (CPE)

πŸ“¦
Indusoft

Web Studio

= 6.1
πŸ“¦
Indusoft

Web Studio

= 7.0

References & Advisories

πŸ”— http://www.indusoft.com/hotfixes/hotfixes.php
πŸ”— http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-11-330/
πŸ”— http://www.indusoft.com/hotfixes/hotfixes.php
πŸ”— http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-11-330/

Related Vulnerabilities

CVE-2011-034210.0

Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ISSymbol.ocx 301.1104.601.0 in InduSoft Web Studio 7.0B2 hot...

CVE-2011-190010.0

Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 6.1 and 7.x before 7.0+Patch 1 allows remote attackers to ...

CVE-2011-048810.0

Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio...

CVE-2012-123910.0

The TopAccess web-based management interface on TOSHIBA TEC e-Studio multi-function peripheral (MFP) devices with firmware 30x thr...