CVE-2011-3330: Buffer Overflow
First published: Fri Nov 04 2011(Updated: )
Buffer overflow in the UnitelWay Windows Device Driver, as used in Schneider Electric Unity Pro 6 and earlier, OPC Factory Server 3.34, Vijeo Citect 7.20 and earlier, Telemecanique Driver Pack 2.6 and earlier, Monitor Pro 7.6 and earlier, and PL7 Pro 4.5 and earlier, allows local users, and possibly remote attackers, to execute arbitrary code via an unspecified system parameter.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Monitor Pro | <=7.6 | |
| OPC Factory Server | <=3.34 | |
| Schneider Electric PL7 Pro | <=4.5 | |
| Schneider Electric Telemecanique Driver Pack | <=2.6 | |
| Unity Pro | <=6.0 | |
| Vijeo Citect | <=7.20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.scada.schneider-electric.com/sites/scada/en/login/vijeo-citect-unitelway-windows-device-driver.page
- http://www.securityfocus.com/bid/50319
- http://www.securitytracker.com/id?1026234
- http://secunia.com/advisories/46534
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-277-01.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/70882
Frequently Asked Questions
What is the severity of CVE-2011-3330?
CVE-2011-3330 has a medium severity rating due to its potential for buffer overflow vulnerabilities.
How do I fix CVE-2011-3330?
To fix CVE-2011-3330, update the affected software to the latest version provided by Schneider Electric.
Which versions are affected by CVE-2011-3330?
CVE-2011-3330 affects Unity Pro versions up to 6.0, OPC Factory Server up to 3.34, Vijeo Citect up to 7.20, Telemecanique Driver Pack up to 2.6, Monitor Pro up to 7.6, and PL7 Pro up to 4.5.
Who can exploit CVE-2011-3330?
CVE-2011-3330 can potentially be exploited by local users with access to the affected software.
Are there any workarounds for CVE-2011-3330?
There are no specific workarounds for CVE-2011-3330; the recommended action is to apply the available patches.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/schneider-electric
- canonical/monitor pro
- version/monitor pro/7.6
- canonical/opc factory server
- version/opc factory server/3.34
- canonical/schneider electric pl7 pro
- version/schneider electric pl7 pro/4.5
- canonical/schneider electric telemecanique driver pack
- version/schneider electric telemecanique driver pack/2.6
- canonical/unity pro
- version/unity pro/6.0
- canonical/vijeo citect
- version/vijeo citect/7.20