Vulnerability Description
Buffer overflow in an unspecified third-party component in the Batch module for Schneider Electric CitectSCADA before 7.20 and Mitsubishi MX4 SCADA before 7.20 allows local users to execute arbitrary code via a long string in a login sequence.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishi-Automation | Mx4 Scada | <= 7.10 |
| Schneider-Electric | Citectscada | <= 7.10 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/46779Vendor Advisory
- http://secunia.com/advisories/46786Vendor Advisory
- http://www.citect.com/citectscada-batch
- http://www.osvdb.org/76937
- http://www.securitytracker.com/id?1026306
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-02.pdfUS Government Resource
- https://my.mitsubishi-automation.com/downloads_show.php?portal_id=1&doc_type=saf
- http://secunia.com/advisories/46779Vendor Advisory
- http://secunia.com/advisories/46786Vendor Advisory
- http://www.citect.com/citectscada-batch
- http://www.osvdb.org/76937
- http://www.securitytracker.com/id?1026306
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-02.pdfUS Government Resource
- https://my.mitsubishi-automation.com/downloads_show.php?portal_id=1&doc_type=saf
FAQ
What is CVE-2011-5163?
CVE-2011-5163 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Buffer overflow in an unspecified third-party component in the Batch module for Schneider Electric CitectSCADA before 7.20 and Mitsubishi MX4 SCADA before 7.20 allows local users to execute arbitrary ...
How severe is CVE-2011-5163?
CVE-2011-5163 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-5163?
Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishi-Automation Mx4 Scada, Schneider-Electric Citectscada.