Sign-up

ID

VAR-201107-0256


CVE

CVE-2011-2956


TITLE

AzeoTech DAQFactory Denial of service vulnerability

Trust: 1.7

sources: IVD: c29256d6-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3322 // BID: 48955 // CNNVD: CNNVD-201107-432

DESCRIPTION

AzeoTech DAQFactory before 5.85 (Build 1842) does not perform authentication for certain signals, which allows remote attackers to cause a denial of service (system reboot or shutdown) via a signal. ( System restart or shutdown ) There is a vulnerability that becomes a condition.Service disruption via a signal by a third party ( System restart or shutdown ) There is a possibility of being put into a state. AzeoTech DAQFactory is a complete system solution that embraces data acquisition, process control and data analysis. AzeoTech DAQFactory has a denial of service vulnerability that a malicious attacker can use to cause a denial of service. AzeoTech DAQFactory is prone to a denial-of-service vulnerability. Versions prior to DAQFactory 5.85 are vulnerable. ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: AzeoTech DAQFactory Unspecified Denial of Service Vulnerability SECUNIA ADVISORY ID: SA45633 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45633/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45633 RELEASE DATE: 2011-08-23 DISCUSS ADVISORY: http://secunia.com/advisories/45633/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45633/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45633 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in AzeoTech DAQFactory, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error related to certain network features and can be exploited to cause a crash. SOLUTION: Update to version 5.85 build 1842. PROVIDED AND/OR DISCOVERED BY: nSense via ICS-CERT. ORIGINAL ADVISORY: AzeoTech: http://www.azeotech.com/revisionhistory.php ISC-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-122-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.7

sources: NVD: CVE-2011-2956 // JVNDB: JVNDB-2011-003485 // CNVD: CNVD-2011-3322 // BID: 48955 // IVD: c29256d6-2354-11e6-abef-000c29c66e3d // PACKETSTORM: 104369

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: c29256d6-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3322

AFFECTED PRODUCTS

vendor:azeotechmodel:daqfactoryscope:eqversion:5.01

Trust: 1.6

vendor:azeotechmodel:daqfactoryscope:eqversion:3.53

Trust: 1.6

vendor:azeotechmodel:daqfactoryscope:eqversion:3.10

Trust: 1.6

vendor:azeotechmodel:daqfactoryscope:eqversion:5.0

Trust: 1.6

vendor:azeotechmodel:daqfactoryscope:eqversion:3.55

Trust: 1.6

vendor:azeotechmodel:daqfactoryscope:eqversion:4.11

Trust: 1.6

vendor:azeotechmodel:daqfactoryscope:eqversion:3.52

Trust: 1.6

vendor:azeotechmodel:daqfactoryscope:eqversion:4.10

Trust: 1.6

vendor:azeotechmodel:daqfactoryscope:eqversion:4.00

Trust: 1.6

vendor:azeotechmodel:daqfactoryscope:eqversion:3.5

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:3.05

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.73

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:3.09

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:3.51

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.72

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.11

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.83

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.03

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.77

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.82

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.75

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:3.0

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.10

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.40

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.71

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.74

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.32

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:3.11

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.35

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.31

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.02

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.36

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.76

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.15

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.78

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:3.03

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.05

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.80

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.33

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.70

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.34

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.38

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.39

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.04

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.37

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.79

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.30

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:5.12

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:lteversion:5.84

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:ltversion:5.85 (build 1842)

Trust: 0.8

vendor:azeotechmodel:daqfactory buildscope:ltversion:5.851842

Trust: 0.6

vendor:azeotechmodel:daqfactoryscope:eqversion:5.84

Trust: 0.6

vendor:daqfactorymodel: - scope:eqversion:5.83

Trust: 0.4

vendor:daqfactorymodel: - scope:eqversion:3.0

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:3.03

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:3.05

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:3.5

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:3.09

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:3.10

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:3.11

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:3.51

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:3.52

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:3.53

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:3.55

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:4.00

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:4.10

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:4.11

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.0

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.01

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.02

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.03

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.04

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.05

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.10

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.11

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.12

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.15

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.30

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.31

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.32

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.33

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.34

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.35

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.36

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.37

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.38

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.39

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.40

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.70

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.71

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.72

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.73

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.74

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.75

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.76

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.77

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.78

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.79

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.80

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:5.82

Trust: 0.2

vendor:daqfactorymodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: c29256d6-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3322 // JVNDB: JVNDB-2011-003485 // CNNVD: CNNVD-201107-432 // NVD: CVE-2011-2956

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-2956
value: HIGH

Trust: 1.0

NVD: CVE-2011-2956
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201107-432
value: HIGH

Trust: 0.6

IVD: c29256d6-2354-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2011-2956
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: c29256d6-2354-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: c29256d6-2354-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2011-003485 // CNNVD: CNNVD-201107-432 // NVD: CVE-2011-2956

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2011-003485 // NVD: CVE-2011-2956

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201107-432

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201107-432

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-003485

PATCH
title:Top Pageurl:http://www.azeotech.com/daqfactory.php
Trust: 0.8
title:AzeoTech DAQFactory denial of service vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/4868
Trust: 0.6
title:DAQFactoryR5Insturl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=41041
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2011-3322 // 
            
            
            
            JVNDB: JVNDB-2011-003485 // 
            
            
            
            CNNVD: CNNVD-201107-432

EXTERNAL IDS
db:NVDid:CVE-2011-2956
Trust: 3.5
db:ICS CERTid:ICSA-11-122-01
Trust: 2.8
db:CNVDid:CNVD-2011-3322
Trust: 0.8
db:CNNVDid:CNNVD-201107-432
Trust: 0.8
db:SECUNIAid:45633
Trust: 0.8
db:JVNDBid:JVNDB-2011-003485
Trust: 0.8
db:BIDid:48955
Trust: 0.3
db:IVDid:C29256D6-2354-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:PACKETSTORMid:104369
Trust: 0.1
sources:
            
            
            IVD: c29256d6-2354-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2011-3322 // 
            
            
            
            BID: 48955 // 
            
            
            
            JVNDB: JVNDB-2011-003485 // 
            
            
            
            PACKETSTORM: 104369 // 
            
            
            
            CNNVD: CNNVD-201107-432 // 
            
            
            
            NVD: CVE-2011-2956

REFERENCES
url:http://www.us-cert.gov/control_systems/pdf/icsa-11-122-01.pdf
Trust: 2.8
url:http://www.azeotech.com/revisionhistory.php
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2956
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2956
Trust: 0.8
url:http://secunia.com/advisories/45633/
Trust: 0.7
url:http://www.azeotech.com/index.php
Trust: 0.3
url:http://seclists.org/fulldisclosure/2011/oct/532
Trust: 0.3
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=45633
Trust: 0.1
url:http://secunia.com/vulnerability_intelligence/
Trust: 0.1
url:http://secunia.com/blog/242
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/advisories/45633/#comments
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2011-3322 // 
            
            
            
            BID: 48955 // 
            
            
            
            JVNDB: JVNDB-2011-003485 // 
            
            
            
            PACKETSTORM: 104369 // 
            
            
            
            CNNVD: CNNVD-201107-432 // 
            
            
            
            NVD: CVE-2011-2956

CREDITS
Knud Erik Højgaard of nsense.
Trust: 0.3
sources:
            
            
            BID: 48955

SOURCES
db:IVDid:c29256d6-2354-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2011-3322
db:BIDid:48955
db:JVNDBid:JVNDB-2011-003485
db:PACKETSTORMid:104369
db:CNNVDid:CNNVD-201107-432
db:NVDid:CVE-2011-2956

LAST UPDATE DATE
2025-04-11T23:20:43.973000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2011-3322date:2011-08-24T00:00:00
db:BIDid:48955date:2011-10-12T23:30:00
db:JVNDBid:JVNDB-2011-003485date:2011-12-22T00:00:00
db:CNNVDid:CNNVD-201107-432date:2011-07-29T00:00:00
db:NVDid:CVE-2011-2956date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:c29256d6-2354-11e6-abef-000c29c66e3ddate:2011-08-24T00:00:00
db:CNVDid:CNVD-2011-3322date:2011-08-24T00:00:00
db:BIDid:48955date:2011-06-24T00:00:00
db:JVNDBid:JVNDB-2011-003485date:2011-12-22T00:00:00
db:PACKETSTORMid:104369date:2011-08-23T12:11:05
db:CNNVDid:CNNVD-201107-432date:2011-07-29T00:00:00
db:NVDid:CVE-2011-2956date:2011-07-28T18:55:03.250