var-201201-0167
Vulnerability from variot
An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to create or overwrite arbitrary files via the save method. Siemens Tecnomatix FactoryLink is industrial automation software used to supervise, manage and control industrial processes. Siemens Tecnomatix FactoryLink ActiveX has security vulnerabilities: by submitting arbitrary data, files can be saved to any specified location on the target system, and system files can be overwritten. The following Siemens Tecnomatix FactoryLink versions are vulnerable: V8.0.2.54, V7.5.217 (V7.5 SP2), and V6.6.1 (V6.6 SP1).
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201201-0167",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tecnomatix factorylink",
"scope": "eq",
"trust": 3.3,
"vendor": "siemens",
"version": "7.5.217"
},
{
"model": "tecnomatix factorylink",
"scope": "eq",
"trust": 3.3,
"vendor": "siemens",
"version": "8.0.2.54"
},
{
"model": "tecnomatix factorylink",
"scope": "eq",
"trust": 3.3,
"vendor": "siemens",
"version": "6.6.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tecnomatix factorylink",
"version": "6.6.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tecnomatix factorylink",
"version": "7.5.217"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tecnomatix factorylink",
"version": "8.0.2.54"
}
],
"sources": [
{
"db": "IVD",
"id": "3d8a8f8a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0015"
},
{
"db": "BID",
"id": "51267"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001028"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-045"
},
{
"db": "NVD",
"id": "CVE-2011-4056"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:tecnomatix_factorylink",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001028"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kuang-Chun Hung",
"sources": [
{
"db": "BID",
"id": "51267"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-045"
}
],
"trust": 0.9
},
"cve": "CVE-2011-4056",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2011-4056",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "3d8a8f8a-2354-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-52001",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-4056",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2011-4056",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201201-045",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "3d8a8f8a-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-52001",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "3d8a8f8a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52001"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001028"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-045"
},
{
"db": "NVD",
"id": "CVE-2011-4056"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to create or overwrite arbitrary files via the save method. Siemens Tecnomatix FactoryLink is an industrial automation software. Supervise, manage and control industrial processes. Siemens Tecnomatix FactoryLink ActiveX has security vulnerabilities. By submitting arbitrary data, files can be saved to any specified location on the target system, and system files can be overwritten. \nThe following Siemens Tecnomatix FactoryLink versions are vulnerable:\nV8.0.2.54\nV7.5.217 (V7.5 SP2)\nV6.6.1 (V6.6 SP1)",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4056"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001028"
},
{
"db": "CNVD",
"id": "CNVD-2012-0015"
},
{
"db": "BID",
"id": "51267"
},
{
"db": "IVD",
"id": "3d8a8f8a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52001"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4056",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-11-343-01",
"trust": 3.4
},
{
"db": "BID",
"id": "51267",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201201-045",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-0015",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001028",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "18427",
"trust": 0.6
},
{
"db": "IVD",
"id": "3D8A8F8A-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52001",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "3d8a8f8a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0015"
},
{
"db": "VULHUB",
"id": "VHN-52001"
},
{
"db": "BID",
"id": "51267"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001028"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-045"
},
{
"db": "NVD",
"id": "CVE-2011-4056"
}
]
},
"id": "VAR-201201-0167",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "3d8a8f8a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0015"
},
{
"db": "VULHUB",
"id": "VHN-52001"
}
],
"trust": 0.09
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "3d8a8f8a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0015"
}
]
},
"last_update_date": "2024-11-23T22:42:49.141000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch Information",
"trust": 0.8,
"url": "http://www.usdata.com/sea/factorylink/en/p_nav5.asp"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Siemens Tecnomatix FactoryLink ActiveX Patch for Any File Coverage Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/7091"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0015"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001028"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4056"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-343-01.pdf"
},
{
"trust": 1.7,
"url": "http://www.usdata.com/sea/factorylink/en/p_nav5.asp"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4056"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4056"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/51267"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/18427"
},
{
"trust": 0.3,
"url": "http://www.plm.automation.siemens.com/en_us/products/tecnomatix/production_management/factorylink/index.shtml"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-343-01.pdf "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0015"
},
{
"db": "VULHUB",
"id": "VHN-52001"
},
{
"db": "BID",
"id": "51267"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001028"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-045"
},
{
"db": "NVD",
"id": "CVE-2011-4056"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "3d8a8f8a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0015"
},
{
"db": "VULHUB",
"id": "VHN-52001"
},
{
"db": "BID",
"id": "51267"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001028"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-045"
},
{
"db": "NVD",
"id": "CVE-2011-4056"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-01-06T00:00:00",
"db": "IVD",
"id": "3d8a8f8a-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2012-01-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0015"
},
{
"date": "2012-01-08T00:00:00",
"db": "VULHUB",
"id": "VHN-52001"
},
{
"date": "2012-01-04T00:00:00",
"db": "BID",
"id": "51267"
},
{
"date": "2012-01-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001028"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201201-045"
},
{
"date": "2012-01-08T00:55:01.940000",
"db": "NVD",
"id": "CVE-2011-4056"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-01-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0015"
},
{
"date": "2012-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-52001"
},
{
"date": "2012-01-04T00:00:00",
"db": "BID",
"id": "51267"
},
{
"date": "2012-01-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001028"
},
{
"date": "2012-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201201-045"
},
{
"date": "2024-11-21T01:31:46.283000",
"db": "NVD",
"id": "CVE-2011-4056"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201201-045"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens Tecnomatix FactoryLink ActiveX Arbitrary File Overwrite Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0015"
},
{
"db": "BID",
"id": "51267"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201201-045"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.