CVE-2011-4056

An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to create or overwrite arbitrary files via the save method.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.us-cert.gov/control_systems/pdf/ICSA-11-343-01.pdf	US Government Resource
http://www.usdata.com/sea/factorylink/en/p_nav5.asp	Patch Vendor Advisory
http://www.us-cert.gov/control_systems/pdf/ICSA-11-343-01.pdf	US Government Resource
http://www.usdata.com/sea/factorylink/en/p_nav5.asp	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:siemens:tecnomatix_factorylink:6.6.1:::::::*
	cpe:2.3:a:siemens:tecnomatix_factorylink:7.5.217:::::::*
	cpe:2.3:a:siemens:tecnomatix_factorylink:8.0.2.54:::::::*

History

21 Nov 2024, 01:31

Type	Values Removed	Values Added
References	~~() http://www.us-cert.gov/control_systems/pdf/ICSA-11-343-01.pdf - US Government Resource~~	() http://www.us-cert.gov/control_systems/pdf/ICSA-11-343-01.pdf - US Government Resource
References	~~() http://www.usdata.com/sea/factorylink/en/p_nav5.asp - Patch, Vendor Advisory~~	() http://www.usdata.com/sea/factorylink/en/p_nav5.asp - Patch, Vendor Advisory

Information

Published : 2012-01-08 00:55

Updated : 2025-04-11 00:51

NVD link : CVE-2011-4056

Mitre link : CVE-2011-4056

CVE.ORG link : CVE-2011-4056

JSON object : View

Products Affected

siemens

tecnomatix_factorylink

CWE

NVD-CWE-noinfo

{"id": "CVE-2011-4056", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-01-08T00:55:01.940", "references": [{"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-343-01.pdf", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.usdata.com/sea/factorylink/en/p_nav5.asp", "tags": ["Patch", "Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-343-01.pdf", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.usdata.com/sea/factorylink/en/p_nav5.asp", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to create or overwrite arbitrary files via the save method."}, {"lang": "es", "value": "Un control ActiveX no especificado en ActBar.ocx en Siemens Tecnomatix FactoryLink v6.6.1 (aka 6.6 SP1), v7.5.217 (aka 7.5 SP2), y v8.0.2.54 permite a atacantes remotos crear o sobreescribir archivos de su elecci\u00f3n a trav\u00e9s del m\u00e9todo \"save\"."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:tecnomatix_factorylink:6.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD04B4F4-C398-4583-AEC3-3F7F43EC65B4"}, {"criteria": "cpe:2.3:a:siemens:tecnomatix_factorylink:7.5.217:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E0DAE9F-786D-4408-93ED-25E75EB598C4"}, {"criteria": "cpe:2.3:a:siemens:tecnomatix_factorylink:8.0.2.54:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD7211D4-AE67-42B3-BC4F-7F8E5C685123"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}

5.8 /10