Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-3330

Buffer overflow in the UnitelWay Windows Device Driver, as used in Schneider Electric Unity Pro 6 and earlier, OPC Factory Server 3.34, Vijeo Citect 7.20 and earlier, Telemecanique Driver Pack 2.6 and earlier, Monitor Pro 7.6 and earlier, and PL7 Pro 4.5 and earlier, allows local users, and possibly remote attackers, to execute arbitrary code via an unspecified system parameter.

Published

2011-11-04T21:55:03.113

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.2 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	schneider-electric	monitor_pro	≤ 7.6	Yes
Application	schneider-electric	opc_factory_server	≤ 3.34	Yes
Application	schneider-electric	pl7_pro	≤ 4.5	Yes
Application	schneider-electric	telemecanique_driver_pack	≤ 2.6	Yes
Application	schneider-electric	unity_pro	≤ 6.0	Yes
Application	schneider-electric	vijeo_citect	≤ 7.20	Yes

References

http://secunia.com/advisories/46534 Vendor Advisory ([email protected])
http://www.scada.schneider-electric.com/sites/scada/en/login/vijeo-citect-unitelway-windows-device-driver.page Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/50319 ([email protected])
http://www.securitytracker.com/id?1026234 ([email protected])
http://www.us-cert.gov/control_systems/pdf/ICSA-11-277-01.pdf US Government Resource ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/70882 ([email protected])
http://secunia.com/advisories/46534 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.scada.schneider-electric.com/sites/scada/en/login/vijeo-citect-unitelway-windows-device-driver.page Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/50319 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1026234 (af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/control_systems/pdf/ICSA-11-277-01.pdf US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/70882 (af854a3a-2127-422b-91ae-364da2661108)