CVE-2011-1914

Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before 3.01.010 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf	Patch US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:advantech:adam_opc_server:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:advantech:modbus_rtu_opc_server:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:advantech:modbus_tcp_opc_server:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-02-21 13:31

Updated : 2024-02-04 17:54

NVD link : CVE-2011-1914

Mitre link : CVE-2011-1914

CVE.ORG link : CVE-2011-1914

JSON object : View

Products Affected

advantech

modbus_rtu_opc_server
modbus_tcp_opc_server
adam_opc_server

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2011-1914", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-02-21T13:31:55.877", "references": [{"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf", "tags": ["Patch", "US Government Resource"], "source": "cret@cert.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before 3.01.010 allows remote attackers to execute arbitrary code via unspecified vectors."}, {"lang": "es", "value": "Desbordamiento de buffer en Advantech ADAM OLE para el control ActiveX Process Control (OPC) Server de ADAM OPC Server anteriores a 3.01.012, Modbus RTU OPC Server anteriores a 3.01.010, y Modbus TCP OPC Server anteriores a 3.01.010 permite a atacantes remotos ejecutar c\u00f3digo arbitrrio a trav\u00e9s de vectores sin especificar."}], "lastModified": "2012-02-23T05:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:advantech:adam_opc_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE48CA55-8B36-48D2-80B4-14DF02EABC7A", "versionEndIncluding": "3.01.011"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:advantech:modbus_rtu_opc_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06343EBC-8B66-4D3B-B8D8-EB6CFB7F2A9A", "versionEndIncluding": "3.01.010"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:advantech:modbus_tcp_opc_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCE7C3B9-7E3E-4762-BCC1-928D50A2CD87", "versionEndIncluding": "3.01.09"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}