CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2011-4051

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1010%
EPSS Percentile30.15th
Published2011年12月5日
Last Modified2026年4月29日

Vulnerability Description

CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.

Affected Platforms (CPE)

📦
Indusoft

Web Studio

= 6.1
📦
Indusoft

Web Studio

= 7.0

References & Advisories

🔗 http://www.indusoft.com/hotfixes/hotfixes.php
🔗 http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf
🔗 http://www.zerodayinitiative.com/advisories/ZDI-11-330/
🔗 http://www.indusoft.com/hotfixes/hotfixes.php
🔗 http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf
🔗 http://www.zerodayinitiative.com/advisories/ZDI-11-330/

相關漏洞威脅

CVE-2011-034210.0

Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ISSymbol.ocx 301.1104.601.0 in InduSoft Web Studio 7.0B2 hot...

CVE-2011-190010.0

Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 6.1 and 7.x before 7.0+Patch 1 allows remote attackers to ...

CVE-2011-048810.0

Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio...

CVE-2012-123910.0

The TopAccess web-based management interface on TOSHIBA TEC e-Studio multi-function peripheral (MFP) devices with firmware 30x thr...