PT-2011-4830 · Indusoft · Indusoft Web Studio

Luigi Auriemma

Published

2011-11-16

Updated

2011-12-08

CVE-2011-4051

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions InduSoft Web Studio versions 6.1 through 7.0

Description The issue allows remote attackers to execute arbitrary code without requiring authentication. This is related to vectors involving the creation of a file, loading a DLL, and process control in the CEServer component of the Remote Agent module.

Recommendations For InduSoft Web Studio versions 6.1 through 7.0, consider restricting access to the CEServer.exe component until a patch is available. As a temporary workaround, avoid using the Remote Agent module in InduSoft Web Studio versions 6.1 through 7.0 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2011-4051

ZDI-11-330

Affected Products

Indusoft Web Studio

PT-2011-4830 · Indusoft · Indusoft Web Studio

CVE-2011-4051

Weakness Enumeration

Related Identifiers

Affected Products

References · 7