Details of VAR-201201-0167

ID

VAR-201201-0167

CVE

CVE-2011-4056

TITLE

Siemens Tecnomatix FactoryLink ActiveX Arbitrary File Overwrite Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2012-0015 // BID: 51267

DESCRIPTION

An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to create or overwrite arbitrary files via the save method. Siemens Tecnomatix FactoryLink is an industrial automation software. Supervise, manage and control industrial processes. Siemens Tecnomatix FactoryLink ActiveX has security vulnerabilities. By submitting arbitrary data, files can be saved to any specified location on the target system, and system files can be overwritten. The following Siemens Tecnomatix FactoryLink versions are vulnerable: V8.0.2.54 V7.5.217 (V7.5 SP2) V6.6.1 (V6.6 SP1)

Trust: 2.7

sources: NVD: CVE-2011-4056 // JVNDB: JVNDB-2012-001028 // CNVD: CNVD-2012-0015 // BID: 51267 // IVD: 3d8a8f8a-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52001

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 3d8a8f8a-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0015

AFFECTED PRODUCTS

vendor:	siemens	model:	tecnomatix factorylink	scope:	eq	version:	7.5.217	Trust: 3.3
vendor:	siemens	model:	tecnomatix factorylink	scope:	eq	version:	8.0.2.54	Trust: 3.3
vendor:	siemens	model:	tecnomatix factorylink	scope:	eq	version:	6.6.1	Trust: 3.3
vendor:	tecnomatix factorylink	model:	-	scope:	eq	version:	6.6.1	Trust: 0.2
vendor:	tecnomatix factorylink	model:	-	scope:	eq	version:	7.5.217	Trust: 0.2
vendor:	tecnomatix factorylink	model:	-	scope:	eq	version:	8.0.2.54	Trust: 0.2

sources: IVD: 3d8a8f8a-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0015 // BID: 51267 // JVNDB: JVNDB-2012-001028 // CNNVD: CNNVD-201201-045 // NVD: CVE-2011-4056

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-4056
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-4056
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201201-045
value:	MEDIUM
Trust: 0.6
IVD:	3d8a8f8a-2354-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-52001
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2011-4056
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	3d8a8f8a-2354-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-52001
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 3d8a8f8a-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52001 // JVNDB: JVNDB-2012-001028 // CNNVD: CNNVD-201201-045 // NVD: CVE-2011-4056

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2011-4056

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201201-045

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201201-045

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001028

PATCH

title:	Patch Information	url:	http://www.usdata.com/sea/factorylink/en/p_nav5.asp	Trust: 0.8
title:	Top Page	url:	http://www.siemens.com	Trust: 0.8
title:	シーメンスソリューションパートナー	url:	http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx	Trust: 0.8
title:	シーメンス・ジャパン株式会社	url:	http://www.siemens.com/entry/jp/ja/	Trust: 0.8
title:	Siemens Tecnomatix FactoryLink ActiveX Patch for Any File Coverage Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/7091	Trust: 0.6

sources: CNVD: CNVD-2012-0015 // JVNDB: JVNDB-2012-001028

EXTERNAL IDS

db:	NVD	id:	CVE-2011-4056	Trust: 3.6
db:	ICS CERT	id:	ICSA-11-343-01	Trust: 3.4
db:	BID	id:	51267	Trust: 1.0
db:	CNNVD	id:	CNNVD-201201-045	Trust: 0.9
db:	CNVD	id:	CNVD-2012-0015	Trust: 0.8
db:	JVNDB	id:	JVNDB-2012-001028	Trust: 0.8
db:	NSFOCUS	id:	18427	Trust: 0.6
db:	IVD	id:	3D8A8F8A-2354-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-52001	Trust: 0.1

sources: IVD: 3d8a8f8a-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0015 // VULHUB: VHN-52001 // BID: 51267 // JVNDB: JVNDB-2012-001028 // CNNVD: CNNVD-201201-045 // NVD: CVE-2011-4056

REFERENCES

url:	http://www.us-cert.gov/control_systems/pdf/icsa-11-343-01.pdf	Trust: 3.1
url:	http://www.usdata.com/sea/factorylink/en/p_nav5.asp	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4056	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4056	Trust: 0.8
url:	http://www.securityfocus.com/bid/51267	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/18427	Trust: 0.6
url:	http://www.plm.automation.siemens.com/en_us/products/tecnomatix/production_management/factorylink/index.shtml	Trust: 0.3
url:	http://www.us-cert.gov/control_systems/pdf/icsa-11-343-01.pdf	Trust: 0.3

sources: CNVD: CNVD-2012-0015 // VULHUB: VHN-52001 // BID: 51267 // JVNDB: JVNDB-2012-001028 // CNNVD: CNNVD-201201-045 // NVD: CVE-2011-4056

CREDITS

Kuang-Chun Hung

Trust: 0.9

sources: BID: 51267 // CNNVD: CNNVD-201201-045

SOURCES

db:	IVD	id:	3d8a8f8a-2354-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2012-0015
db:	VULHUB	id:	VHN-52001
db:	BID	id:	51267
db:	JVNDB	id:	JVNDB-2012-001028
db:	CNNVD	id:	CNNVD-201201-045
db:	NVD	id:	CVE-2011-4056

LAST UPDATE DATE

2024-08-14T13:36:47.804000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-0015	date:	2012-01-06T00:00:00
db:	VULHUB	id:	VHN-52001	date:	2012-01-09T00:00:00
db:	BID	id:	51267	date:	2012-01-04T00:00:00
db:	JVNDB	id:	JVNDB-2012-001028	date:	2012-01-11T00:00:00
db:	CNNVD	id:	CNNVD-201201-045	date:	2012-01-13T00:00:00
db:	NVD	id:	CVE-2011-4056	date:	2012-01-09T17:55:40.257

SOURCES RELEASE DATE

db:	IVD	id:	3d8a8f8a-2354-11e6-abef-000c29c66e3d	date:	2012-01-06T00:00:00
db:	CNVD	id:	CNVD-2012-0015	date:	2012-01-06T00:00:00
db:	VULHUB	id:	VHN-52001	date:	2012-01-08T00:00:00
db:	BID	id:	51267	date:	2012-01-04T00:00:00
db:	JVNDB	id:	JVNDB-2012-001028	date:	2012-01-11T00:00:00
db:	CNNVD	id:	CNNVD-201201-045	date:	1900-01-01T00:00:00
db:	NVD	id:	CVE-2011-4056	date:	2012-01-08T00:55:01.940