CVE-2011-3330
CVSS V2 High 7.2
CVSS V3 None
Description
Buffer overflow in the UnitelWay Windows Device Driver, as used in Schneider Electric Unity Pro 6 and earlier, OPC Factory Server 3.34, Vijeo Citect 7.20 and earlier, Telemecanique Driver Pack 2.6 and earlier, Monitor Pro 7.6 and earlier, and PL7 Pro 4.5 and earlier, allows local users, and possibly remote attackers, to execute arbitrary code via an unspecified system parameter.
Overview
- CVE ID
- CVE-2011-3330
- Assigner
- cret@cert.org
- Vulnerability Status
- Modified
- Published Version
- 2011-11-04T21:55:03
- Last Modified Date
- 2017-08-29T01:30:10
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:schneider-electric:monitor_pro:*:*:*:*:*:*:*:* | 1 | OR | 7.6 | |
| cpe:2.3:a:schneider-electric:opc_factory_server:*:*:*:*:*:*:*:* | 1 | OR | 3.34 | |
| cpe:2.3:a:schneider-electric:pl7_pro:*:sp5:*:*:*:*:*:* | 1 | OR | 4.5 | |
| cpe:2.3:a:schneider-electric:telemecanique_driver_pack:*:*:*:*:*:*:*:* | 1 | OR | 2.6 | |
| cpe:2.3:a:schneider-electric:unity_pro:*:*:*:*:*:*:*:* | 1 | OR | 6.0 | |
| cpe:2.3:a:schneider-electric:vijeo_citect:*:*:*:*:*:*:*:* | 1 | OR | 7.20 |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:L/AC:L/Au:N/C:C/I:C/A:C
- Access Vector
- LOCAL
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- COMPLETE
- Integrity Impact
- COMPLETE
- Availability Impact
- COMPLETE
- Base Score
- 7.2
- Severity
- HIGH
- Exploitability Score
- 3.9
- Impact Score
- 10
References
| Reference URL | Reference Tags |
|---|---|
| http://www.scada.schneider-electric.com/sites/scada/en/login/vijeo-citect-unitelway-windows-device-driver.page | Vendor Advisory |
| http://www.securityfocus.com/bid/50319 | |
| http://www.securitytracker.com/id?1026234 | |
| http://secunia.com/advisories/46534 | Vendor Advisory |
| http://www.us-cert.gov/control_systems/pdf/ICSA-11-277-01.pdf | US Government Resource |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/70882 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2011-3330 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3330 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 08:52:42 | Added to TrackCVE |