Vulnerabilites related to advantech - advantech_studio
Vulnerability from fkie_nvd
Published
2013-03-11 17:55
Modified
2024-11-21 01:50
Severity ?
Summary
Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| advantech | advantech_studio | 6.1 | |
| advantech | advantech_studio | 6.1 | |
| indusoft | web_studio | 6.1 | |
| indusoft | web_studio | 6.1 | |
| indusoft | web_studio | 7.0 | |
| indusoft | web_studio | 7.0b2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:advantech:advantech_studio:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDF09B-92F4-4CAC-8897-07C281ACCF65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:advantech:advantech_studio:6.1:sp6_61.6.01.05:*:*:*:*:*:*",
"matchCriteriaId": "9D2F2836-EF2C-4110-8740-0F32957B0FCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:indusoft:web_studio:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82BF1958-F098-4E55-B97C-F15253A63228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:indusoft:web_studio:6.1:sp6:*:*:*:*:*:*",
"matchCriteriaId": "88A43470-16F3-4B89-A8A3-8B77880A315D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:indusoft:web_studio:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9033E5E6-3FC5-448A-BA52-A03DDEA638A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:indusoft:web_studio:7.0b2:hotfix7.0.01.04:*:*:*:*:*:*",
"matchCriteriaId": "6FB9C6B8-8C0B-4AD1-9F20-034F3A025C19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio absoluto en NTWebServer.exe en Indusoft Studio v7.0 y anteriores, y Advantech Studio v7.0 y anteriores, permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s de un nombre de ruta absoluto en un argumento a la funci\u00f3n sub_401A90 CreateFileW."
}
],
"id": "CVE-2013-1627",
"lastModified": "2024-11-21T01:50:01.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-11T17:55:01.810",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-067-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-067-01.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-18 18:03
Modified
2024-11-21 01:24
Severity ?
Summary
Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio 6.1 and InduSoft Web Studio 7.0, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long request to TCP port 80.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| advantech | advantech_studio | 6.1 | |
| indusoft | web_studio | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:advantech:advantech_studio:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDDF09B-92F4-4CAC-8897-07C281ACCF65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:indusoft:web_studio:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9033E5E6-3FC5-448A-BA52-A03DDEA638A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio 6.1 and InduSoft Web Studio 7.0, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long request to TCP port 80."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en NTWebServer.exe en el servicio web de prueba en InduSoft NTWebServer, seg\u00fan se ha distribuido en Advantech Studio v6.1 y InduSoft Web Studio v7.0, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de demonio) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una petici\u00f3n larga al puerto TCP 80."
}
],
"id": "CVE-2011-0488",
"lastModified": "2024-11-21T01:24:07.093",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-18T18:03:09.033",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://downloadt.advantech.com/download/downloadsr.aspx?File_Id=1-I1D7QD"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42883"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42903"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.advantechdirect.com/emarketingprograms/AStudio_Patch/AStudio_Patch.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.indusoft.com/blog/?p=337"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/506864"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/70396"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/45783"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-337-01.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0092"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0093"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://downloadt.advantech.com/download/downloadsr.aspx?File_Id=1-I1D7QD"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42883"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.advantechdirect.com/emarketingprograms/AStudio_Patch/AStudio_Patch.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.indusoft.com/blog/?p=337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/506864"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/70396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-337-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64678"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-05-04 22:55
Modified
2024-11-21 01:23
Severity ?
Summary
Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| advantech | advantech_studio | 6.1 | |
| indusoft | thin_client | 7.0 | |
| indusoft | web_studio | * | |
| indusoft | web_studio | 6.1 | |
| indusoft | web_studio | 6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:advantech:advantech_studio:6.1:sp6_61.6.01.05:*:*:*:*:*:*",
"matchCriteriaId": "9D2F2836-EF2C-4110-8740-0F32957B0FCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:indusoft:thin_client:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26902C28-F3E8-488D-B8F5-4A1E8C731FC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:indusoft:web_studio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E16C750-58D3-4BED-AB96-52B7365ED5C2",
"versionEndIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:indusoft:web_studio:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82BF1958-F098-4E55-B97C-F15253A63228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:indusoft:web_studio:6.1:sp6:*:*:*:*:*:*",
"matchCriteriaId": "88A43470-16F3-4B89-A8A3-8B77880A315D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de buffer en el control ActiveX ISSymbol de ISSymbol.ocx 61.6.0.0 y 301.1009.2904.0 de la m\u00e1quina virtual ISSymbol, como se ha distribu\u00eddo en Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio anteriores a 7.0+SP1, y InduSoft Thin Client 7.0. Permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de los valores de propiedades extensos (1) InternationalOrder, (2) InternationalSeparator, o (3) LogFileName; o (4) un argumento bstrFileName extenso al m\u00e9todo OpenScreen."
}
],
"id": "CVE-2011-0340",
"lastModified": "2024-11-21T01:23:46.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-05-04T22:55:01.467",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-249-03"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42928"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43116"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2011-36/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2011-37/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.advantechdirect.com/eMarketingPrograms/AStudio_Patch/AStudio7.0_Patch_Final.htm"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.indusoft.com/hotfixes/hotfixes.php"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/bid/47596"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-02.pdf"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/1115"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/1116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-249-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2011-36/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2011-37/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.advantechdirect.com/eMarketingPrograms/AStudio_Patch/AStudio7.0_Patch_Final.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.indusoft.com/hotfixes/hotfixes.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/47596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-02.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/1115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/1116"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2013-1627
Vulnerability from cvelistv5
Published
2013-03-11 17:00
Modified
2024-09-17 03:38
Severity ?
EPSS score ?
Summary
Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function.
References
| ▼ | URL | Tags |
|---|---|---|
| http://ics-cert.us-cert.gov/pdf/ICSA-13-067-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:04:49.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-067-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-11T17:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-067-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-1627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-067-01.pdf",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-067-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-1627",
"datePublished": "2013-03-11T17:00:00Z",
"dateReserved": "2013-02-06T00:00:00Z",
"dateUpdated": "2024-09-17T03:38:48.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0340
Vulnerability from cvelistv5
Published
2011-05-04 22:00
Modified
2024-08-06 21:51
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/43116 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/47596 | vdb-entry, x_refsource_BID | |
| http://secunia.com/secunia_research/2011-37/ | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2011/1116 | vdb-entry, x_refsource_VUPEN | |
| http://ics-cert.us-cert.gov/advisories/ICSA-12-249-03 | x_refsource_MISC | |
| http://secunia.com/advisories/42928 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-02.pdf | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2011/1115 | vdb-entry, x_refsource_VUPEN | |
| http://www.indusoft.com/hotfixes/hotfixes.php | x_refsource_CONFIRM | |
| http://secunia.com/secunia_research/2011-36/ | x_refsource_MISC | |
| http://www.advantechdirect.com/eMarketingPrograms/AStudio_Patch/AStudio7.0_Patch_Final.htm | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:07.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43116",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43116"
},
{
"name": "47596",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47596"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2011-37/"
},
{
"name": "ADV-2011-1116",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/1116"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-249-03"
},
{
"name": "42928",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42928"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-02.pdf"
},
{
"name": "ADV-2011-1115",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/1115"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.indusoft.com/hotfixes/hotfixes.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2011-36/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.advantechdirect.com/eMarketingPrograms/AStudio_Patch/AStudio7.0_Patch_Final.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-05-22T09:00:00",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "43116",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43116"
},
{
"name": "47596",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47596"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2011-37/"
},
{
"name": "ADV-2011-1116",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/1116"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-249-03"
},
{
"name": "42928",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42928"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-02.pdf"
},
{
"name": "ADV-2011-1115",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/1115"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.indusoft.com/hotfixes/hotfixes.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2011-36/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.advantechdirect.com/eMarketingPrograms/AStudio_Patch/AStudio7.0_Patch_Final.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2011-0340",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43116",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43116"
},
{
"name": "47596",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47596"
},
{
"name": "http://secunia.com/secunia_research/2011-37/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2011-37/"
},
{
"name": "ADV-2011-1116",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1116"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-249-03",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-249-03"
},
{
"name": "42928",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42928"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-02.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-02.pdf"
},
{
"name": "ADV-2011-1115",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1115"
},
{
"name": "http://www.indusoft.com/hotfixes/hotfixes.php",
"refsource": "CONFIRM",
"url": "http://www.indusoft.com/hotfixes/hotfixes.php"
},
{
"name": "http://secunia.com/secunia_research/2011-36/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2011-36/"
},
{
"name": "http://www.advantechdirect.com/eMarketingPrograms/AStudio_Patch/AStudio7.0_Patch_Final.htm",
"refsource": "CONFIRM",
"url": "http://www.advantechdirect.com/eMarketingPrograms/AStudio_Patch/AStudio7.0_Patch_Final.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2011-0340",
"datePublished": "2011-05-04T22:00:00",
"dateReserved": "2011-01-06T00:00:00",
"dateUpdated": "2024-08-06T21:51:07.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0488
Vulnerability from cvelistv5
Published
2011-01-18 17:00
Modified
2024-08-06 21:51
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio 6.1 and InduSoft Web Studio 7.0, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long request to TCP port 80.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/42903 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/70396 | vdb-entry, x_refsource_OSVDB | |
| http://www.indusoft.com/blog/?p=337 | x_refsource_MISC | |
| http://www.kb.cert.org/vuls/id/506864 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.vupen.com/english/advisories/2011/0093 | vdb-entry, x_refsource_VUPEN | |
| http://downloadt.advantech.com/download/downloadsr.aspx?File_Id=1-I1D7QD | x_refsource_CONFIRM | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-10-337-01.pdf | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2011/0092 | vdb-entry, x_refsource_VUPEN | |
| http://www.advantechdirect.com/emarketingprograms/AStudio_Patch/AStudio_Patch.htm | x_refsource_CONFIRM | |
| http://secunia.com/advisories/42883 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/45783 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64678 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:09.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42903",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42903"
},
{
"name": "70396",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70396"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.indusoft.com/blog/?p=337"
},
{
"name": "VU#506864",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/506864"
},
{
"name": "ADV-2011-0093",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0093"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloadt.advantech.com/download/downloadsr.aspx?File_Id=1-I1D7QD"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-337-01.pdf"
},
{
"name": "ADV-2011-0092",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0092"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.advantechdirect.com/emarketingprograms/AStudio_Patch/AStudio_Patch.htm"
},
{
"name": "42883",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42883"
},
{
"name": "45783",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45783"
},
{
"name": "indusoft-ntwebserver-bo(64678)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64678"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio 6.1 and InduSoft Web Studio 7.0, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long request to TCP port 80."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "42903",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42903"
},
{
"name": "70396",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70396"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.indusoft.com/blog/?p=337"
},
{
"name": "VU#506864",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/506864"
},
{
"name": "ADV-2011-0093",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0093"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloadt.advantech.com/download/downloadsr.aspx?File_Id=1-I1D7QD"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-337-01.pdf"
},
{
"name": "ADV-2011-0092",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0092"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.advantechdirect.com/emarketingprograms/AStudio_Patch/AStudio_Patch.htm"
},
{
"name": "42883",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42883"
},
{
"name": "45783",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45783"
},
{
"name": "indusoft-ntwebserver-bo(64678)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64678"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio 6.1 and InduSoft Web Studio 7.0, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long request to TCP port 80."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42903",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42903"
},
{
"name": "70396",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70396"
},
{
"name": "http://www.indusoft.com/blog/?p=337",
"refsource": "MISC",
"url": "http://www.indusoft.com/blog/?p=337"
},
{
"name": "VU#506864",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/506864"
},
{
"name": "ADV-2011-0093",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0093"
},
{
"name": "http://downloadt.advantech.com/download/downloadsr.aspx?File_Id=1-I1D7QD",
"refsource": "CONFIRM",
"url": "http://downloadt.advantech.com/download/downloadsr.aspx?File_Id=1-I1D7QD"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-337-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-337-01.pdf"
},
{
"name": "ADV-2011-0092",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0092"
},
{
"name": "http://www.advantechdirect.com/emarketingprograms/AStudio_Patch/AStudio_Patch.htm",
"refsource": "CONFIRM",
"url": "http://www.advantechdirect.com/emarketingprograms/AStudio_Patch/AStudio_Patch.htm"
},
{
"name": "42883",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42883"
},
{
"name": "45783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45783"
},
{
"name": "indusoft-ntwebserver-bo(64678)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64678"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0488",
"datePublished": "2011-01-18T17:00:00",
"dateReserved": "2011-01-18T00:00:00",
"dateUpdated": "2024-08-06T21:51:09.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}