{"api_version":"1","generated_at":"2026-04-23T10:40:12+00:00","cve":"CVE-2011-3330","urls":{"html":"https://cve.report/CVE-2011-3330","api":"https://cve.report/api/cve/CVE-2011-3330.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2011-3330","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2011-3330"},"summary":{"title":"CVE-2011-3330","description":"Buffer overflow in the UnitelWay Windows Device Driver, as used in Schneider Electric Unity Pro 6 and earlier, OPC Factory Server 3.34, Vijeo Citect 7.20 and earlier, Telemecanique Driver Pack 2.6 and earlier, Monitor Pro 7.6 and earlier, and PL7 Pro 4.5 and earlier, allows local users, and possibly remote attackers, to execute arbitrary code via an unspecified system parameter.","state":"PUBLIC","assigner":"cert@cert.org","published_at":"2011-11-04 21:55:00","updated_at":"2017-08-29 01:30:00"},"problem_types":["CWE-119"],"metrics":[],"references":[{"url":"http://www.scada.schneider-electric.com/sites/scada/en/login/vijeo-citect-unitelway-windows-device-driver.page","name":"http://www.scada.schneider-electric.com/sites/scada/en/login/vijeo-citect-unitelway-windows-device-driver.page","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"-1","archivestatus":"400"},{"url":"http://www.securitytracker.com/id?1026234","name":"1026234","refsource":"SECTRACK","tags":[],"title":"Citect Buffer Overflow in UnitelWay Driver Lets Local Users Gain Elevated Privileges - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.us-cert.gov/control_systems/pdf/ICSA-11-277-01.pdf","name":"http://www.us-cert.gov/control_systems/pdf/ICSA-11-277-01.pdf","refsource":"MISC","tags":["US Government Resource"],"title":"404 - File Not Found | CISA","mime":"application/pdf","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/advisories/46534","name":"46534","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Security Advisory SA46534 - Schneider Electric Products UnitelWay Device Driver Privilege Escalation Vulnerability - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/70882","name":"schneider-unitelway-bo(70882)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/50319","name":"50319","refsource":"BID","tags":[],"title":"Multiple Schneider Electric Products UnitelWay Device Driver Privilege Escalation Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2011-3330","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3330","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2011","cve_id":"3330","vulnerable":"1","versionEndIncluding":"7.6","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"schneider-electric","cpe5":"monitor_pro","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3330","vulnerable":"1","versionEndIncluding":"3.34","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"schneider-electric","cpe5":"opc_factory_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3330","vulnerable":"1","versionEndIncluding":"4.5","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"schneider-electric","cpe5":"pl7_pro","cpe6":"*","cpe7":"sp5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3330","vulnerable":"1","versionEndIncluding":"2.6","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"schneider-electric","cpe5":"telemecanique_driver_pack","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3330","vulnerable":"1","versionEndIncluding":"6.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"schneider-electric","cpe5":"unity_pro","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3330","vulnerable":"1","versionEndIncluding":"7.20","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"schneider-electric","cpe5":"vijeo_citect","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cert@cert.org","ID":"CVE-2011-3330","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Buffer overflow in the UnitelWay Windows Device Driver, as used in Schneider Electric Unity Pro 6 and earlier, OPC Factory Server 3.34, Vijeo Citect 7.20 and earlier, Telemecanique Driver Pack 2.6 and earlier, Monitor Pro 7.6 and earlier, and PL7 Pro 4.5 and earlier, allows local users, and possibly remote attackers, to execute arbitrary code via an unspecified system parameter."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"schneider-unitelway-bo(70882)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/70882"},{"name":"50319","refsource":"BID","url":"http://www.securityfocus.com/bid/50319"},{"name":"http://www.us-cert.gov/control_systems/pdf/ICSA-11-277-01.pdf","refsource":"MISC","url":"http://www.us-cert.gov/control_systems/pdf/ICSA-11-277-01.pdf"},{"name":"http://www.scada.schneider-electric.com/sites/scada/en/login/vijeo-citect-unitelway-windows-device-driver.page","refsource":"CONFIRM","url":"http://www.scada.schneider-electric.com/sites/scada/en/login/vijeo-citect-unitelway-windows-device-driver.page"},{"name":"46534","refsource":"SECUNIA","url":"http://secunia.com/advisories/46534"},{"name":"1026234","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1026234"}]}},"nvd":{"publishedDate":"2011-11-04 21:55:00","lastModifiedDate":"2017-08-29 01:30:00","problem_types":["CWE-119"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:schneider-electric:opc_factory_server:*:*:*:*:*:*:*:*","versionEndIncluding":"3.34","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:schneider-electric:vijeo_citect:*:*:*:*:*:*:*:*","versionEndIncluding":"7.20","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:schneider-electric:telemecanique_driver_pack:*:*:*:*:*:*:*:*","versionEndIncluding":"2.6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:schneider-electric:monitor_pro:*:*:*:*:*:*:*:*","versionEndIncluding":"7.6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:schneider-electric:unity_pro:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:schneider-electric:pl7_pro:*:sp5:*:*:*:*:*:*","versionEndIncluding":"4.5","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2011","CveId":"3330","Ordinal":"50575","Title":"CVE-2011-3330","CVE":"CVE-2011-3330","Year":"2011"},"notes":[{"CveYear":"2011","CveId":"3330","Ordinal":"1","NoteData":"Buffer overflow in the UnitelWay Windows Device Driver, as used in Schneider Electric Unity Pro 6 and earlier, OPC Factory Server 3.34, Vijeo Citect 7.20 and earlier, Telemecanique Driver Pack 2.6 and earlier, Monitor Pro 7.6 and earlier, and PL7 Pro 4.5 and earlier, allows local users, and possibly remote attackers, to execute arbitrary code via an unspecified system parameter.","Type":"Description","Title":null},{"CveYear":"2011","CveId":"3330","Ordinal":"2","NoteData":"2011-11-04","Type":"Other","Title":"Published"},{"CveYear":"2011","CveId":"3330","Ordinal":"3","NoteData":"2017-08-28","Type":"Other","Title":"Modified"}]}}}