CVE-2011-4052 – InduSoft WebStudio CEServer Operation 0x15 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4052
Stack-based buffer overflow in CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 allows remote attackers to execute arbitrary code via a crafted 0x15 (aka Remove File) operation for a file with a long name.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft WebStudio. Authentication is not required to exploit this vulnerability. The flaw exists within the CEServer component, which is used as a runtime dependency for applications deployed using Indusoft WebStudio. When handling the Remove File operation (0x15), the process blindly copies user-supplied data to a fixed-length buffer on the stack.
• http://www.indusoft.com/hotfixes/hotfixes.php
• http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf
• http://www.zerodayinitiative.com/advisories/ZDI-11-329
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-4051 – InduSoft WebStudio Unauthenticated Remote Operations Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4051
CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Web Studio. Authentication is not required to exploit this vulnerability. The flaw exists within the Remote Agent component (CEServer.exe), which listens by default on TCP port 4322. When handling incoming requests, the process fails to perform any type of authentication.
• https://www.exploit-db.com/exploits/21837
• http://www.indusoft.com/hotfixes/hotfixes.php
• http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf
• http://www.zerodayinitiative.com/advisories/ZDI-11-330
• CWE-287: Improper Authentication
CVE-2011-1900 – Indusoft WebStudio NTWebServer Remote File Access
https://notcve.org/view.php?id=CVE-2011-1900
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 6.1 and 7.x before 7.0+Patch 1 allows remote attackers to execute arbitrary code via an invalid request.
• http://www.indusoft.com/hotfixes/hotfixes.php
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2011-0340 – InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0340
Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Thin Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ISSymbol.ocx ActiveX component.
• https://www.exploit-db.com/exploits/23500
• http://ics-cert.us-cert.gov/advisories/ICSA-12-249-03
• http://secunia.com/advisories/42928
• http://secunia.com/advisories/43116
• http://secunia.com/secunia_research/2011-36
• http://secunia.com/secunia_research/2011-37
• http://www.advantechdirect.com/eMarketingPrograms/AStudio_Patch/AStudio7.0_Patch_Final.htm
• http://www.indusoft.com/hotfixes/hotfixes.php
• http://www.securityfocus.com/bid/47596
• http://www.us-cert.gov/control_systems/pdf/ICS
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0488
https://notcve.org/view.php?id=CVE-2011-0488
Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio 6.1 and InduSoft Web Studio 7.0, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long request to TCP port 80.
• http://downloadt.advantech.com/download/downloadsr.aspx?File_Id=1-I1D7QD
• http://secunia.com/advisories/42883
• http://secunia.com/advisories/42903
• http://www.advantechdirect.com/emarketingprograms/AStudio_Patch/AStudio_Patch.htm
• http://www.indusoft.com/blog/?p=337
• http://www.kb.cert.org/vuls/id/506864
• http://www.osvdb.org/70396
• http://www.securityfocus.com/bid/45783
• http://www.us-cert.gov/control_systems/pdf/ICSA-10-337-01.pdf
• http://www.vupen.com/english/advisories/
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer