Vulnerability Description
CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Indusoft | Web Studio | 6.1 |
Related Weaknesses (CWE)
References
- http://www.indusoft.com/hotfixes/hotfixes.phpPatch
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdfUS Government Resource
- http://www.zerodayinitiative.com/advisories/ZDI-11-330/Patch
- http://www.indusoft.com/hotfixes/hotfixes.phpPatch
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdfUS Government Resource
- http://www.zerodayinitiative.com/advisories/ZDI-11-330/Patch
FAQ
What is CVE-2011-4051?
CVE-2011-4051 is a vulnerability with a CVSS score of 10.0 (HIGH). CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vector...
How severe is CVE-2011-4051?
CVE-2011-4051 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4051?
Check the references section above for vendor advisories and patch information. Affected products include: Indusoft Web Studio.