var-201204-0010
Vulnerability from variot
Buffer overflow in TurboPower Abbrevia before 4.0, as used in ScadaTEC ScadaPhone 5.3.11.1230 and earlier, ScadaTEC ModbusTagServer 4.1.1.81 and earlier, and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP file. A failed attack can result in a denial of service. Exploitation requires user interaction: the target user must be tricked into loading an object from the crafted ZIP file. ScadaTEC ModbusTagServer and ScadaPhone are prone to this remote buffer-overflow vulnerability through their use of Abbrevia. The following versions are vulnerable: ScadaTEC ScadaPhone 5.3.11.1230 and prior; ScadaTEC ModbusTagServer 4.1.1.81 and prior. The affected range for the library ends at Abbrevia 4.0, which is linked from the references of this entry.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201204-0010", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "modbustagserver", "scope": "lte", "trust": 1.8, "vendor": "scadatec", "version": "4.1.1.81" }, { "model": "scadaphone", "scope": "lte", "trust": 1.8, "vendor": "scadatec", "version": "5.3.11.1230" }, { "model": "modbustagserver", "scope": "eq", "trust": 1.5, 
"vendor": "scadatec", "version": "4.1.1.81" }, { "model": "scadaphone", "scope": "eq", "trust": 1.5, "vendor": "scadatec", "version": "5.3.11.1230" }, { "model": "turbopower abbrevia", "scope": "lte", "trust": 1.0, "vendor": "craig peterson", "version": "3.05" }, { "model": "turbopower abbrevia", "scope": "lt", "trust": 0.8, "vendor": "turbopower abbrevia", "version": "4.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "turbopower abbrevia", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "modbustagserver", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scadaphone", "version": "*" } ], "sources": [ { "db": "IVD", "id": "98702d5c-1f89-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-3615" }, { "db": "BID", "id": "49560" }, { "db": "JVNDB", "id": "JVNDB-2011-005031" }, { "db": "CNNVD", "id": "CNNVD-201204-008" }, { "db": "NVD", "id": "CVE-2011-4535" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:scadatec:modbustagserver", "vulnerable": true }, { "cpe22Uri": "cpe:/a:scadatec:scadaphone", "vulnerable": true }, { "cpe22Uri": "cpe:/a:craig_peterson:turbopower_abbrevia", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-005031" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "mr_me", "sources": [ { "db": "BID", "id": "49560" }, { "db": "CNNVD", "id": "CNNVD-201109-148" } ], "trust": 0.9 }, "cve": "CVE-2011-4535", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2011-4535", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "98702d5c-1f89-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-4535", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2011-4535", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201204-008", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "98702d5c-1f89-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "98702d5c-1f89-11e6-abef-000c29c66e3d" }, { "db": "JVNDB", "id": "JVNDB-2011-005031" }, { "db": "CNNVD", "id": "CNNVD-201204-008" }, { "db": "NVD", "id": 
"CVE-2011-4535" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow in TurboPower Abbrevia before 4.0, as used in ScadaTEC ScadaPhone 5.3.11.1230 and earlier, ScadaTEC ModbusTagServer 4.1.1.81 and earlier, and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP file. A failed attack can result in a denial of service. To trigger this vulnerability, you need to trick the target user into loading an object from the zip file. ScadaTEC ModbusTagServer and ScadaPhone are prone to a remote buffer-overflow vulnerability. \nThe following versions are vulnerable:\nScadaTEC ScadaPhone 5.3.11.1230 and prior. \nScadaTEC ModbusTagServer 4.1.1.81 and prior", "sources": [ { "db": "NVD", "id": "CVE-2011-4535" }, { "db": "JVNDB", "id": "JVNDB-2011-005031" }, { "db": "CNVD", "id": "CNVD-2011-3615" }, { "db": "BID", "id": "49560" }, { "db": "IVD", "id": "98702d5c-1f89-11e6-abef-000c29c66e3d" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-4535", "trust": 2.9 }, { "db": "ICS CERT", "id": "ICSA-11-362-01", "trust": 2.7 }, { "db": "BID", "id": "49560", "trust": 1.5 }, { "db": "CNVD", "id": "CNVD-2011-3615", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201204-008", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2011-005031", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "104993", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201109-148", "trust": 0.6 }, { "db": "ICS CERT ALERT", "id": "ICS-ALERT-11-255-01", "trust": 0.3 }, { "db": "IVD", "id": "98702D5C-1F89-11E6-ABEF-000C29C66E3D", "trust": 
0.2 } ], "sources": [ { "db": "IVD", "id": "98702d5c-1f89-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-3615" }, { "db": "BID", "id": "49560" }, { "db": "JVNDB", "id": "JVNDB-2011-005031" }, { "db": "CNNVD", "id": "CNNVD-201109-148" }, { "db": "CNNVD", "id": "CNNVD-201204-008" }, { "db": "NVD", "id": "CVE-2011-4535" } ] }, "id": "VAR-201204-0010", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "98702d5c-1f89-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-3615" } ], "trust": 1.4 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "98702d5c-1f89-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-3615" } ] }, "last_update_date": "2024-11-23T23:02:55.452000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.scadatec.com/" }, { "title": "Top Page", "trust": 0.8, "url": "http://tpabbrevia.sourceforge.net/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-005031" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-005031" }, { "db": "NVD", "id": "CVE-2011-4535" } ] }, "references": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-362-01.pdf" }, { "trust": 1.6, "url": "http://sourceforge.net/projects/tpabbrevia/files/abbrevia%204.0.zip/download" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4535" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4535" }, { "trust": 0.6, "url": "http://packetstormsecurity.org/files/view/104993/scadatec-overflow.txt" }, { "trust": 0.6, "url": "http://www.securityfocus.com/bid/49560" }, { "trust": 0.3, "url": "http://www.scadatec.com/" }, { "trust": 0.3, "url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-255-01.pdf" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2011-3615" }, { "db": "BID", "id": "49560" }, { "db": "JVNDB", "id": "JVNDB-2011-005031" }, { "db": "CNNVD", "id": "CNNVD-201109-148" }, { "db": "CNNVD", "id": "CNNVD-201204-008" }, { "db": "NVD", "id": "CVE-2011-4535" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "98702d5c-1f89-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-3615" }, { "db": "BID", "id": "49560" }, { "db": "JVNDB", "id": "JVNDB-2011-005031" }, { "db": "CNNVD", "id": "CNNVD-201109-148" }, { "db": "CNNVD", "id": "CNNVD-201204-008" }, { "db": "NVD", "id": "CVE-2011-4535" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-09-13T00:00:00", "db": "IVD", "id": "98702d5c-1f89-11e6-abef-000c29c66e3d" }, { "date": "2011-09-13T00:00:00", "db": "CNVD", "id": "CNVD-2011-3615" }, { "date": "2011-09-09T00:00:00", "db": "BID", "id": "49560" }, 
{ "date": "2012-04-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-005031" }, { "date": "1900-01-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201109-148" }, { "date": "2012-04-05T00:00:00", "db": "CNNVD", "id": "CNNVD-201204-008" }, { "date": "2012-04-03T03:44:36.117000", "db": "NVD", "id": "CVE-2011-4535" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-09-13T00:00:00", "db": "CNVD", "id": "CNVD-2011-3615" }, { "date": "2012-01-03T19:10:00", "db": "BID", "id": "49560" }, { "date": "2012-04-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-005031" }, { "date": "2011-09-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201109-148" }, { "date": "2012-04-05T00:00:00", "db": "CNNVD", "id": "CNNVD-201204-008" }, { "date": "2024-11-21T01:32:29.790000", "db": "NVD", "id": "CVE-2011-4535" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201109-148" }, { "db": "CNNVD", "id": "CNNVD-201204-008" } ], "trust": 1.2 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ScadaTEC ModbusTagServer and ScadaPhone Remote Buffer Overflow Vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2011-3615" }, { "db": "BID", "id": "49560" }, { "db": "CNNVD", "id": "CNNVD-201109-148" } ], "trust": 1.5 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "98702d5c-1f89-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201109-148" }, { "db": 
"CNNVD", "id": "CNNVD-201204-008" } ], "trust": 1.4 } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.