CVE-2011-4051
Summary
| CVE | CVE-2011-4051 |
|---|---|
| State | PUBLISHED |
| Assigner | certcc |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2011-12-05 11:55:06 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:N/AC:L/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Indusoft | Web Studio | 6.1 | All | All | All |
| Application | Indusoft | Web Studio | 7.0 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Zero Day Initiative | af854a3a-2127-422b-91ae-364da2661108 | www.zerodayinitiative.com | Patch |
| InduSoft Web Studio - Hotfix Request | af854a3a-2127-422b-91ae-364da2661108 | www.indusoft.com | Patch |
| 404 - File Not Found | CISA | af854a3a-2127-422b-91ae-364da2661108 | www.us-cert.gov | US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.