Vulnerability Details CVE-2011-4051
CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.748
EPSS Ranking 98.8%
CVSS Severity
CVSS v2 Score 10.0
References
- http://www.indusoft.com/hotfixes/hotfixes.php
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf
- http://www.zerodayinitiative.com/advisories/ZDI-11-330/
- http://www.indusoft.com/hotfixes/hotfixes.php
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf
- http://www.zerodayinitiative.com/advisories/ZDI-11-330/
Products affected by CVE-2011-4051
-
cpe:2.3:a:indusoft:web_studio:6.1
-
cpe:2.3:a:indusoft:web_studio:7.0