Search criteria
12 vulnerabilities found for vijeo_historian by schneider-electric
FKIE_CVE-2011-4035
Vulnerability from fkie_nvd - Published: 2011-12-02 11:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:vijeo_historian:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA173AD2-52AF-4401-9A29-757B68168B4D",
"versionEndIncluding": "4.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:vijeo_historian:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00E3E11B-E433-4D89-9525-8159CEC30DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:vijeo_historian:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2788D1E5-206A-4AC8-AA28-65E5EE268B59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:vijeo_historian:4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "99B88BED-7F2F-4F89-9BD1-B7EDC1608531",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:citecthistorian:*:*:*:*:*:*:*:*",
"matchCriteriaId": "859A64AD-1FB2-4A7C-AE4D-26951FC050F9",
"versionEndIncluding": "4.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:citecthistorian:4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "B491E331-B533-4E09-966E-45A3BE724C5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:citectscada_reports:*:*:*:*:*:*:*:*",
"matchCriteriaId": "106C6198-C341-4B10-8788-A8FA51F137F1",
"versionEndIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:citectscada_reports:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38765B0B-9C09-4BC0-9E50-D0C6E8969A77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Schneider Electric Vijeo Historian v4.30 y anteriores, CitectHistorian v4.30 y anteriores, y CitectSCADAReports v4.10 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2011-4035",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-12-02T11:55:05.450",
"references": [
{
"source": "cret@cert.org",
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
},
{
"source": "cret@cert.org",
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71503"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71503"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-4033
Vulnerability from fkie_nvd - Published: 2011-12-02 11:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to cause a denial of service via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:vijeo_historian:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA173AD2-52AF-4401-9A29-757B68168B4D",
"versionEndIncluding": "4.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:vijeo_historian:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00E3E11B-E433-4D89-9525-8159CEC30DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:vijeo_historian:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2788D1E5-206A-4AC8-AA28-65E5EE268B59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:vijeo_historian:4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "99B88BED-7F2F-4F89-9BD1-B7EDC1608531",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:citecthistorian:*:*:*:*:*:*:*:*",
"matchCriteriaId": "859A64AD-1FB2-4A7C-AE4D-26951FC050F9",
"versionEndIncluding": "4.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:citecthistorian:4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "B491E331-B533-4E09-966E-45A3BE724C5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:citectscada_reports:*:*:*:*:*:*:*:*",
"matchCriteriaId": "106C6198-C341-4B10-8788-A8FA51F137F1",
"versionEndIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:citectscada_reports:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38765B0B-9C09-4BC0-9E50-D0C6E8969A77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to cause a denial of service via unspecified vectors."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el control ActiveX TeeChart Steema, tal como se utiliza en Schneider Electric Vijeo Historian v4.30 y anteriores, CitectHistorian v4.30 y anteriores, y CitectSCADAReports v4.10 y anteriores, permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2011-4033",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-12-02T11:55:05.090",
"references": [
{
"source": "cret@cert.org",
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
},
{
"source": "cret@cert.org",
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-4036
Vulnerability from fkie_nvd - Published: 2011-12-02 11:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:vijeo_historian:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA173AD2-52AF-4401-9A29-757B68168B4D",
"versionEndIncluding": "4.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:vijeo_historian:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00E3E11B-E433-4D89-9525-8159CEC30DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:vijeo_historian:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2788D1E5-206A-4AC8-AA28-65E5EE268B59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:vijeo_historian:4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "99B88BED-7F2F-4F89-9BD1-B7EDC1608531",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:citecthistorian:*:*:*:*:*:*:*:*",
"matchCriteriaId": "859A64AD-1FB2-4A7C-AE4D-26951FC050F9",
"versionEndIncluding": "4.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:citecthistorian:4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "B491E331-B533-4E09-966E-45A3BE724C5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:citectscada_reports:*:*:*:*:*:*:*:*",
"matchCriteriaId": "106C6198-C341-4B10-8788-A8FA51F137F1",
"versionEndIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:citectscada_reports:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38765B0B-9C09-4BC0-9E50-D0C6E8969A77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en Schneider Electric Vijeo Historian v4.30 y anteriores, CitectHistorian v4.30 y anteriores, y CitectSCADAReports v4.10 y anteriores permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2011-4036",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-12-02T11:55:05.607",
"references": [
{
"source": "cret@cert.org",
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
},
{
"source": "cret@cert.org",
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-4034
Vulnerability from fkie_nvd - Published: 2011-12-02 11:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.
References
| URL | Tags | ||
|---|---|---|---|
| cret@cert.org | http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695 | Patch, Vendor Advisory | |
| cret@cert.org | http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page | Patch, Vendor Advisory | |
| cret@cert.org | http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf | Patch, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf | Patch, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:vijeo_historian:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA173AD2-52AF-4401-9A29-757B68168B4D",
"versionEndIncluding": "4.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:vijeo_historian:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00E3E11B-E433-4D89-9525-8159CEC30DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:vijeo_historian:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2788D1E5-206A-4AC8-AA28-65E5EE268B59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:vijeo_historian:4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "99B88BED-7F2F-4F89-9BD1-B7EDC1608531",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:citecthistorian:*:*:*:*:*:*:*:*",
"matchCriteriaId": "859A64AD-1FB2-4A7C-AE4D-26951FC050F9",
"versionEndIncluding": "4.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:citecthistorian:4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "B491E331-B533-4E09-966E-45A3BE724C5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:citectscada_reports:*:*:*:*:*:*:*:*",
"matchCriteriaId": "106C6198-C341-4B10-8788-A8FA51F137F1",
"versionEndIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:schneider-electric:citectscada_reports:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38765B0B-9C09-4BC0-9E50-D0C6E8969A77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el control ActiveX TeeChart Steema, tal como se utiliza en Schneider Electric Vijeo Historian v4.30 y anteriores, CitectHistorian v4.30 y anteriores, y CitectSCADAReports v4.10 y anteriores, permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2011-4034",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-12-02T11:55:05.277",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2011-4035 (GCVE-0-2011-4035)
Vulnerability from cvelistv5 – Published: 2011-12-02 11:00 – Updated: 2024-08-06 23:53
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "schneider-unspec-xss(71503)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71503"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "schneider-unspec-xss(71503)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71503"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "schneider-unspec-xss(71503)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71503"
},
{
"name": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page",
"refsource": "CONFIRM",
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"name": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695",
"refsource": "CONFIRM",
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4035",
"datePublished": "2011-12-02T11:00:00",
"dateReserved": "2011-10-13T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4036 (GCVE-0-2011-4036)
Vulnerability from cvelistv5 – Published: 2011-12-02 11:00 – Updated: 2024-09-16 18:13
VLAI?
Summary
Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-02T11:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4036",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page",
"refsource": "CONFIRM",
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"name": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695",
"refsource": "CONFIRM",
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4036",
"datePublished": "2011-12-02T11:00:00Z",
"dateReserved": "2011-10-13T00:00:00Z",
"dateUpdated": "2024-09-16T18:13:14.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4033 (GCVE-0-2011-4033)
Vulnerability from cvelistv5 – Published: 2011-12-02 11:00 – Updated: 2024-09-17 00:31
VLAI?
Summary
Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to cause a denial of service via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to cause a denial of service via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-02T11:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to cause a denial of service via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page",
"refsource": "CONFIRM",
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"name": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695",
"refsource": "CONFIRM",
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4033",
"datePublished": "2011-12-02T11:00:00Z",
"dateReserved": "2011-10-13T00:00:00Z",
"dateUpdated": "2024-09-17T00:31:42.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4034 (GCVE-0-2011-4034)
Vulnerability from cvelistv5 – Published: 2011-12-02 11:00 – Updated: 2024-09-16 23:16
VLAI?
Summary
Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-02T11:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page",
"refsource": "CONFIRM",
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"name": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695",
"refsource": "CONFIRM",
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4034",
"datePublished": "2011-12-02T11:00:00Z",
"dateReserved": "2011-10-13T00:00:00Z",
"dateUpdated": "2024-09-16T23:16:13.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4035 (GCVE-0-2011-4035)
Vulnerability from nvd – Published: 2011-12-02 11:00 – Updated: 2024-08-06 23:53
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "schneider-unspec-xss(71503)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71503"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "schneider-unspec-xss(71503)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71503"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "schneider-unspec-xss(71503)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71503"
},
{
"name": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page",
"refsource": "CONFIRM",
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"name": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695",
"refsource": "CONFIRM",
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4035",
"datePublished": "2011-12-02T11:00:00",
"dateReserved": "2011-10-13T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4036 (GCVE-0-2011-4036)
Vulnerability from nvd – Published: 2011-12-02 11:00 – Updated: 2024-09-16 18:13
VLAI?
Summary
Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-02T11:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4036",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page",
"refsource": "CONFIRM",
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"name": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695",
"refsource": "CONFIRM",
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4036",
"datePublished": "2011-12-02T11:00:00Z",
"dateReserved": "2011-10-13T00:00:00Z",
"dateUpdated": "2024-09-16T18:13:14.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4033 (GCVE-0-2011-4033)
Vulnerability from nvd – Published: 2011-12-02 11:00 – Updated: 2024-09-17 00:31
VLAI?
Summary
Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to cause a denial of service via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to cause a denial of service via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-02T11:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to cause a denial of service via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page",
"refsource": "CONFIRM",
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"name": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695",
"refsource": "CONFIRM",
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4033",
"datePublished": "2011-12-02T11:00:00Z",
"dateReserved": "2011-10-13T00:00:00Z",
"dateUpdated": "2024-09-17T00:31:42.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4034 (GCVE-0-2011-4034)
Vulnerability from nvd – Published: 2011-12-02 11:00 – Updated: 2024-09-16 23:16
VLAI?
Summary
Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-02T11:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page",
"refsource": "CONFIRM",
"url": "http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf"
},
{
"name": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695",
"refsource": "CONFIRM",
"url": "http://www.citect.com/index.php?option=com_content\u0026view=article\u0026id=1656\u0026Itemid=1695"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4034",
"datePublished": "2011-12-02T11:00:00Z",
"dateReserved": "2011-10-13T00:00:00Z",
"dateUpdated": "2024-09-16T23:16:13.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}