ID

VAR-201201-0167


CVE

CVE-2011-4056


TITLE

Siemens Tecnomatix FactoryLink ActiveX Arbitrary File Overwrite Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2012-0015 // BID: 51267

DESCRIPTION

An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to create or overwrite arbitrary files via the save method. Siemens Tecnomatix FactoryLink is an industrial automation software. Supervise, manage and control industrial processes. Siemens Tecnomatix FactoryLink ActiveX has security vulnerabilities. By submitting arbitrary data, files can be saved to any specified location on the target system, and system files can be overwritten. The following Siemens Tecnomatix FactoryLink versions are vulnerable: V8.0.2.54 V7.5.217 (V7.5 SP2) V6.6.1 (V6.6 SP1)

Trust: 2.7

sources: NVD: CVE-2011-4056 // JVNDB: JVNDB-2012-001028 // CNVD: CNVD-2012-0015 // BID: 51267 // IVD: 3d8a8f8a-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52001

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 3d8a8f8a-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0015

AFFECTED PRODUCTS

vendor:siemensmodel:tecnomatix factorylinkscope:eqversion:7.5.217

Trust: 3.3

vendor:siemensmodel:tecnomatix factorylinkscope:eqversion:8.0.2.54

Trust: 3.3

vendor:siemensmodel:tecnomatix factorylinkscope:eqversion:6.6.1

Trust: 3.3

vendor:tecnomatix factorylinkmodel: - scope:eqversion:6.6.1

Trust: 0.2

vendor:tecnomatix factorylinkmodel: - scope:eqversion:7.5.217

Trust: 0.2

vendor:tecnomatix factorylinkmodel: - scope:eqversion:8.0.2.54

Trust: 0.2

sources: IVD: 3d8a8f8a-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0015 // BID: 51267 // JVNDB: JVNDB-2012-001028 // CNNVD: CNNVD-201201-045 // NVD: CVE-2011-4056

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4056
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-4056
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201201-045
value: MEDIUM

Trust: 0.6

IVD: 3d8a8f8a-2354-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-52001
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-4056
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 3d8a8f8a-2354-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-52001
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 3d8a8f8a-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52001 // JVNDB: JVNDB-2012-001028 // CNNVD: CNNVD-201201-045 // NVD: CVE-2011-4056

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2011-4056

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201201-045

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201201-045

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001028

PATCH

title:Patch Informationurl:http://www.usdata.com/sea/factorylink/en/p_nav5.asp

Trust: 0.8

title:Top Pageurl:http://www.siemens.com

Trust: 0.8

title:シーメンスソリューションパートナーurl:http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx

Trust: 0.8

title:シーメンス・ジャパン株式会社url:http://www.siemens.com/entry/jp/ja/

Trust: 0.8

title:Siemens Tecnomatix FactoryLink ActiveX Patch for Any File Coverage Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/7091

Trust: 0.6

sources: CNVD: CNVD-2012-0015 // JVNDB: JVNDB-2012-001028

EXTERNAL IDS

db:NVDid:CVE-2011-4056

Trust: 3.6

db:ICS CERTid:ICSA-11-343-01

Trust: 3.4

db:BIDid:51267

Trust: 1.0

db:CNNVDid:CNNVD-201201-045

Trust: 0.9

db:CNVDid:CNVD-2012-0015

Trust: 0.8

db:JVNDBid:JVNDB-2012-001028

Trust: 0.8

db:NSFOCUSid:18427

Trust: 0.6

db:IVDid:3D8A8F8A-2354-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:VULHUBid:VHN-52001

Trust: 0.1

sources: IVD: 3d8a8f8a-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0015 // VULHUB: VHN-52001 // BID: 51267 // JVNDB: JVNDB-2012-001028 // CNNVD: CNNVD-201201-045 // NVD: CVE-2011-4056

REFERENCES

url:http://www.us-cert.gov/control_systems/pdf/icsa-11-343-01.pdf

Trust: 3.1

url:http://www.usdata.com/sea/factorylink/en/p_nav5.asp

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4056

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4056

Trust: 0.8

url:http://www.securityfocus.com/bid/51267

Trust: 0.6

url:http://www.nsfocus.net/vulndb/18427

Trust: 0.6

url:http://www.plm.automation.siemens.com/en_us/products/tecnomatix/production_management/factorylink/index.shtml

Trust: 0.3

url:http://www.us-cert.gov/control_systems/pdf/icsa-11-343-01.pdf

Trust: 0.3

sources: CNVD: CNVD-2012-0015 // VULHUB: VHN-52001 // BID: 51267 // JVNDB: JVNDB-2012-001028 // CNNVD: CNNVD-201201-045 // NVD: CVE-2011-4056

CREDITS

Kuang-Chun Hung

Trust: 0.9

sources: BID: 51267 // CNNVD: CNNVD-201201-045

SOURCES

db:IVDid:3d8a8f8a-2354-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-0015
db:VULHUBid:VHN-52001
db:BIDid:51267
db:JVNDBid:JVNDB-2012-001028
db:CNNVDid:CNNVD-201201-045
db:NVDid:CVE-2011-4056

LAST UPDATE DATE

2024-08-14T13:36:47.804000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2012-0015date:2012-01-06T00:00:00
db:VULHUBid:VHN-52001date:2012-01-09T00:00:00
db:BIDid:51267date:2012-01-04T00:00:00
db:JVNDBid:JVNDB-2012-001028date:2012-01-11T00:00:00
db:CNNVDid:CNNVD-201201-045date:2012-01-13T00:00:00
db:NVDid:CVE-2011-4056date:2012-01-09T17:55:40.257

SOURCES RELEASE DATE

db:IVDid:3d8a8f8a-2354-11e6-abef-000c29c66e3ddate:2012-01-06T00:00:00
db:CNVDid:CNVD-2012-0015date:2012-01-06T00:00:00
db:VULHUBid:VHN-52001date:2012-01-08T00:00:00
db:BIDid:51267date:2012-01-04T00:00:00
db:JVNDBid:JVNDB-2012-001028date:2012-01-11T00:00:00
db:CNNVDid:CNNVD-201201-045date:1900-01-01T00:00:00
db:NVDid:CVE-2011-4056date:2012-01-08T00:55:01.940