PT-2012-1798 · Siemens · Siemens Tecnomatix Factorylink+1

Published

2012-01-08

Updated

2012-01-09

CVE-2011-4056

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Siemens Tecnomatix FactoryLink versions 6.6.1 through 8.0.2.54

Description The issue allows remote attackers to create or overwrite arbitrary files. This is achieved via the save method of an unspecified ActiveX control in ActBar.ocx.

Recommendations For versions 6.6.1, 7.5.217, and 8.0.2.54, consider disabling the use of the save method in the ActiveX control until a patch is available. Restrict access to the ActBar.ocx module to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2011-4056

Affected Products

Actbar.Ocx

Siemens Tecnomatix Factorylink

PT-2012-1798 · Siemens · Siemens Tecnomatix Factorylink+1

CVE-2011-4056

Related Identifiers

Affected Products

References · 3