{"api_version":"1","generated_at":"2026-07-01T09:20:00+00:00","cve":"CVE-2011-4051","urls":{"html":"https://cve.report/CVE-2011-4051","api":"https://cve.report/api/cve/CVE-2011-4051.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2011-4051","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2011-4051"},"summary":{"title":"CVE-2011-4051","description":"CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.","state":"PUBLISHED","assigner":"certcc","published_at":"2011-12-05 11:55:06","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-287","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"10","severity":"","vector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.zerodayinitiative.com/advisories/ZDI-11-330/","name":"http://www.zerodayinitiative.com/advisories/ZDI-11-330/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Zero Day Initiative","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.indusoft.com/hotfixes/hotfixes.php","name":"http://www.indusoft.com/hotfixes/hotfixes.php","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"InduSoft Web Studio - Hotfix Request","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf","name":"http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"],"title":"404 - File Not Found | CISA","mime":"application/pdf","httpstatus":"404","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2011-4051","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4051","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2011","cve_id":"4051","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"indusoft","cpe5":"web_studio","cpe6":"6.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"4051","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"indusoft","cpe5":"web_studio","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T23:53:32.634Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.indusoft.com/hotfixes/hotfixes.php"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.zerodayinitiative.com/advisories/ZDI-11-330/"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2011-12-05T11:00:00.000Z","orgId":"37e5125f-f79b-445b-8fad-9564f167944b","shortName":"certcc"},"references":[{"tags":["x_refsource_MISC"],"url":"http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.indusoft.com/hotfixes/hotfixes.php"},{"tags":["x_refsource_MISC"],"url":"http://www.zerodayinitiative.com/advisories/ZDI-11-330/"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cert@cert.org","ID":"CVE-2011-4051","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf","refsource":"MISC","url":"http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf"},{"name":"http://www.indusoft.com/hotfixes/hotfixes.php","refsource":"CONFIRM","url":"http://www.indusoft.com/hotfixes/hotfixes.php"},{"name":"http://www.zerodayinitiative.com/advisories/ZDI-11-330/","refsource":"MISC","url":"http://www.zerodayinitiative.com/advisories/ZDI-11-330/"}]}}}},"cveMetadata":{"assignerOrgId":"37e5125f-f79b-445b-8fad-9564f167944b","assignerShortName":"certcc","cveId":"CVE-2011-4051","datePublished":"2011-12-05T11:00:00.000Z","dateReserved":"2011-10-13T00:00:00.000Z","dateUpdated":"2024-09-17T00:01:05.313Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2011-12-05 11:55:06","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-287","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:indusoft:web_studio:6.1:*:*:*:*:*:*:*","matchCriteriaId":"82BF1958-F098-4E55-B97C-F15253A63228"},{"vulnerable":true,"criteria":"cpe:2.3:a:indusoft:web_studio:7.0:*:*:*:*:*:*:*","matchCriteriaId":"9033E5E6-3FC5-448A-BA52-A03DDEA638A6"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2011","CveId":"4051","Ordinal":"1","Title":"CVE-2011-4051","CVE":"CVE-2011-4051","Year":"2011"},"notes":[{"CveYear":"2011","CveId":"4051","Ordinal":"1","NoteData":"CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.","Type":"Description","Title":"CVE-2011-4051"},{"CveYear":"2011","CveId":"4051","Ordinal":"2","NoteData":"2011-12-05","Type":"Other","Title":"Published"}]}}}