Sign-up

ID

VAR-201111-0307


CVE

CVE-2011-3330


TITLE

plural Schneider Electric Product buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2011-002806

DESCRIPTION

Buffer overflow in the UnitelWay Windows Device Driver, as used in Schneider Electric Unity Pro 6 and earlier, OPC Factory Server 3.34, Vijeo Citect 7.20 and earlier, Telemecanique Driver Pack 2.6 and earlier, Monitor Pro 7.6 and earlier, and PL7 Pro 4.5 and earlier, allows local users, and possibly remote attackers, to execute arbitrary code via an unspecified system parameter. There are security vulnerabilities in multiple Schneider products that allow malicious local users to increase privileges. The vulnerability is due to security issues with UnitelWay windows device drivers used by Schneider's multiple products. A local attacker can exploit this issue to execute arbitrary code with elevated privileges, which may facilitate a complete compromise of the affected computer. ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Schneider Electric Products UnitelWay Device Driver Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA46534 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46534/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46534 RELEASE DATE: 2011-10-22 DISCUSS ADVISORY: http://secunia.com/advisories/46534/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46534/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46534 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in multiple Schneider Electric products, which can be exploited by malicious, local users to gain escalated privileges. Successful exploitation may allow execution of arbitrary code. * OPC Factory Server version 3.34. SOLUTION: Apply patch. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Kuang-Chun Hung, Security Research and Service Institute - Information and Communication Security Technology Center (ICST). ORIGINAL ADVISORY: Schneider Electric: http://www.scada.schneider-electric.com/sites/scada/en/login/vijeo-citect-unitelway-windows-device-driver.page ICS-CERT (ICSA-11-277-01): http://www.us-cert.gov/control_systems/pdf/ICSA-11-277-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2011-3330 // JVNDB: JVNDB-2011-002806 // CNVD: CNVD-2011-4411 // BID: 50319 // IVD: 6b45d13c-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-51275 // PACKETSTORM: 106085

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 6b45d13c-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-4411

AFFECTED PRODUCTS

vendor:schneider electricmodel:monitor proscope:lteversion:7.6

Trust: 1.8

vendor:schneider electricmodel:pl7 proscope:lteversion:4.5

Trust: 1.8

vendor:schneider electricmodel:telemecanique driver packscope:lteversion:2.6

Trust: 1.8

vendor:schneider electricmodel:vijeo citectscope:lteversion:7.20

Trust: 1.8

vendor:schneider electricmodel:opc factory serverscope:eqversion:3.34

Trust: 1.4

vendor:schneider electricmodel:unity proscope:lteversion:6.0

Trust: 1.0

vendor:schneider electricmodel:opc factory serverscope:lteversion:3.34

Trust: 1.0

vendor:schneider electricmodel:unity proscope:lteversion:6

Trust: 0.8

vendor:schneidermodel:electric opc factory serverscope:eqversion:3.x

Trust: 0.6

vendor:schneidermodel:electric pl7 proscope:eqversion:4.x

Trust: 0.6

vendor:schneidermodel:electric monitorscope:eqversion:7.x

Trust: 0.6

vendor:schneidermodel:electric telemecanique driver packscope:eqversion:2.x

Trust: 0.6

vendor:schneidermodel:electric unity proscope:eqversion:6.x

Trust: 0.6

vendor:schneidermodel:electric vijeo citectscope:eqversion:7.x

Trust: 0.6

vendor:schneider electricmodel:telemecanique driver packscope:eqversion:2.6

Trust: 0.6

vendor:schneider electricmodel:pl7 proscope:eqversion:4.5

Trust: 0.6

vendor:schneider electricmodel:vijeo citectscope:eqversion:7.20

Trust: 0.6

vendor:schneider electricmodel:monitor proscope:eqversion:7.6

Trust: 0.6

vendor:schneider electricmodel:unity proscope:eqversion:6.0

Trust: 0.6

vendor:schneidermodel:electric vijeo citectscope:eqversion:7.20

Trust: 0.3

vendor:schneidermodel:electric unity proscope:eqversion:6.0

Trust: 0.3

vendor:schneidermodel:electric telemecanique driverscope:eqversion:2.6

Trust: 0.3

vendor:schneidermodel:electric pl7 proscope:eqversion:4.5

Trust: 0.3

vendor:schneidermodel:electric opc factory driverscope:eqversion:3.34

Trust: 0.3

vendor:schneidermodel:electric monitorscope:eqversion:7.6

Trust: 0.3

vendor:monitor promodel: - scope:eqversion:*

Trust: 0.2

vendor:opc factory servermodel: - scope:eqversion:*

Trust: 0.2

vendor:pl7 promodel: - scope:eqversion:*

Trust: 0.2

vendor:telemecanique driver packmodel: - scope:eqversion:*

Trust: 0.2

vendor:unity promodel: - scope:eqversion:*

Trust: 0.2

vendor:vijeo citectmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 6b45d13c-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-4411 // BID: 50319 // JVNDB: JVNDB-2011-002806 // CNNVD: CNNVD-201110-579 // NVD: CVE-2011-3330

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-3330
value: HIGH

Trust: 1.0

NVD: CVE-2011-3330
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201110-579
value: HIGH

Trust: 0.6

IVD: 6b45d13c-2354-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

VULHUB: VHN-51275
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-3330
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 6b45d13c-2354-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-51275
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 6b45d13c-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-51275 // JVNDB: JVNDB-2011-002806 // CNNVD: CNNVD-201110-579 // NVD: CVE-2011-3330

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-51275 // JVNDB: JVNDB-2011-002806 // NVD: CVE-2011-3330

THREAT TYPE

local

Trust: 1.0

sources: BID: 50319 // PACKETSTORM: 106085 // CNNVD: CNNVD-201110-579

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 6b45d13c-2354-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201110-579

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-002806

PATCH
title:MyCitect Supporturl:http://www.scada.schneider-electric.com/sites/scada/en/login/vijeo-citect-unitelway-windows-device-driver.page
Trust: 0.8
title:Top Pageurl:http://www.schneider-electric.com/
Trust: 0.8
title:γ‚΅γƒγƒΌγƒˆurl:http://www.schneider-electric.co.jp/sites/japan/jp/support/contact/we-care.page
Trust: 0.8
title:Top Pageurl:http://www.schneider-electric.com/site/home/index.cfm/jp/
Trust: 0.8
title:Schneider Electric Product UnitelWay Device Driver Privilege Escalation Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/5582
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2011-4411 // 
            
            
            
            JVNDB: JVNDB-2011-002806

EXTERNAL IDS
db:NVDid:CVE-2011-3330
Trust: 3.6
db:ICS CERTid:ICSA-11-277-01
Trust: 3.5
db:BIDid:50319
Trust: 2.0
db:SECUNIAid:46534
Trust: 1.9
db:SECTRACKid:1026234
Trust: 1.7
db:CNNVDid:CNNVD-201110-579
Trust: 0.9
db:CNVDid:CNVD-2011-4411
Trust: 0.8
db:JVNDBid:JVNDB-2011-002806
Trust: 0.8
db:NSFOCUSid:18035
Trust: 0.6
db:XFid:70882
Trust: 0.6
db:IVDid:6B45D13C-2354-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-51275
Trust: 0.1
db:PACKETSTORMid:106085
Trust: 0.1
sources:
            
            
            IVD: 6b45d13c-2354-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2011-4411 // 
            
            
            
            VULHUB: VHN-51275 // 
            
            
            
            BID: 50319 // 
            
            
            
            JVNDB: JVNDB-2011-002806 // 
            
            
            
            PACKETSTORM: 106085 // 
            
            
            
            CNNVD: CNNVD-201110-579 // 
            
            
            
            NVD: CVE-2011-3330

REFERENCES
url:http://www.us-cert.gov/control_systems/pdf/icsa-11-277-01.pdf
Trust: 2.9
url:http://www.scada.schneider-electric.com/sites/scada/en/login/vijeo-citect-unitelway-windows-device-driver.page
Trust: 2.1
url:http://www.securityfocus.com/bid/50319
Trust: 1.7
url:http://www.securitytracker.com/id?1026234
Trust: 1.7
url:http://secunia.com/advisories/46534
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/70882
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3330
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3330
Trust: 0.8
url:http://www.us-cert.gov/control_systems/pdf/icsa-11-277-01.pdfhttp
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/70882
Trust: 0.6
url:http://www.nsfocus.net/vulndb/18035
Trust: 0.6
url:http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true
Trust: 0.3
url:http://secunia.com/advisories/46534/
Trust: 0.1
url:http://secunia.com/advisories/46534/#comments
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=46534
Trust: 0.1
url:http://secunia.com/vulnerability_intelligence/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/products/corporate/vim/ovum_2011_request/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2011-4411 // 
            
            
            
            VULHUB: VHN-51275 // 
            
            
            
            BID: 50319 // 
            
            
            
            JVNDB: JVNDB-2011-002806 // 
            
            
            
            PACKETSTORM: 106085 // 
            
            
            
            CNNVD: CNNVD-201110-579 // 
            
            
            
            NVD: CVE-2011-3330

CREDITS
Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST).
Trust: 0.3
sources:
            
            
            BID: 50319

SOURCES
db:IVDid:6b45d13c-2354-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2011-4411
db:VULHUBid:VHN-51275
db:BIDid:50319
db:JVNDBid:JVNDB-2011-002806
db:PACKETSTORMid:106085
db:CNNVDid:CNNVD-201110-579
db:NVDid:CVE-2011-3330

LAST UPDATE DATE
2024-11-23T22:56:49.103000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2011-4411date:2011-10-24T00:00:00
db:VULHUBid:VHN-51275date:2017-08-29T00:00:00
db:BIDid:50319date:2015-03-19T09:31:00
db:JVNDBid:JVNDB-2011-002806date:2011-11-14T00:00:00
db:CNNVDid:CNNVD-201110-579date:2011-11-07T00:00:00
db:NVDid:CVE-2011-3330date:2024-11-21T01:30:16.777

SOURCES RELEASE DATE
db:IVDid:6b45d13c-2354-11e6-abef-000c29c66e3ddate:2011-10-24T00:00:00
db:CNVDid:CNVD-2011-4411date:2011-10-24T00:00:00
db:VULHUBid:VHN-51275date:2011-11-04T00:00:00
db:BIDid:50319date:2011-10-20T00:00:00
db:JVNDBid:JVNDB-2011-002806date:2011-11-14T00:00:00
db:PACKETSTORMid:106085date:2011-10-22T06:39:43
db:CNNVDid:CNNVD-201110-579date:2011-10-25T00:00:00
db:NVDid:CVE-2011-3330date:2011-11-04T21:55:03.113