VAR-201201-0167
Vulnerability from variot - Updated: 2023-12-18 12:22
An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to create or overwrite arbitrary files via the save method. Siemens Tecnomatix FactoryLink is industrial automation software used to supervise, manage and control industrial processes. The Siemens Tecnomatix FactoryLink ActiveX control has security vulnerabilities: by submitting arbitrary data, files can be saved to any specified location on the target system, and system files can be overwritten. The following Siemens Tecnomatix FactoryLink versions are vulnerable: V8.0.2.54, V7.5.217 (V7.5 SP2), and V6.6.1 (V6.6 SP1). The NVD CVSS v2 entry in the record below scores this 5.8 (MEDIUM, AV:N/AC:M/Au:N/C:P/I:P/A:N) and marks user interaction as required; the record's external IDs and references list ICS-CERT advisory ICSA-11-343-01 and the vendor patch information page.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201201-0167",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tecnomatix factorylink",
"scope": "eq",
"trust": 3.3,
"vendor": "siemens",
"version": "7.5.217"
},
{
"model": "tecnomatix factorylink",
"scope": "eq",
"trust": 3.3,
"vendor": "siemens",
"version": "8.0.2.54"
},
{
"model": "tecnomatix factorylink",
"scope": "eq",
"trust": 3.3,
"vendor": "siemens",
"version": "6.6.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tecnomatix factorylink",
"version": "6.6.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tecnomatix factorylink",
"version": "7.5.217"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tecnomatix factorylink",
"version": "8.0.2.54"
}
],
"sources": [
{
"db": "IVD",
"id": "3d8a8f8a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0015"
},
{
"db": "BID",
"id": "51267"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001028"
},
{
"db": "NVD",
"id": "CVE-2011-4056"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-045"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:tecnomatix_factorylink:8.0.2.54:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:tecnomatix_factorylink:7.5.217:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:tecnomatix_factorylink:6.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4056"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kuang-Chun Hung",
"sources": [
{
"db": "BID",
"id": "51267"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-045"
}
],
"trust": 0.9
},
"cve": "CVE-2011-4056",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-4056",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "3d8a8f8a-2354-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-52001",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4056",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201201-045",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "3d8a8f8a-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-52001",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "3d8a8f8a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52001"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001028"
},
{
"db": "NVD",
"id": "CVE-2011-4056"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-045"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to create or overwrite arbitrary files via the save method. Siemens Tecnomatix FactoryLink is an industrial automation software. Supervise, manage and control industrial processes. Siemens Tecnomatix FactoryLink ActiveX has security vulnerabilities. By submitting arbitrary data, files can be saved to any specified location on the target system, and system files can be overwritten. \nThe following Siemens Tecnomatix FactoryLink versions are vulnerable:\nV8.0.2.54\nV7.5.217 (V7.5 SP2)\nV6.6.1 (V6.6 SP1)",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4056"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001028"
},
{
"db": "CNVD",
"id": "CNVD-2012-0015"
},
{
"db": "BID",
"id": "51267"
},
{
"db": "IVD",
"id": "3d8a8f8a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52001"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4056",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-11-343-01",
"trust": 3.4
},
{
"db": "BID",
"id": "51267",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201201-045",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-0015",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001028",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "18427",
"trust": 0.6
},
{
"db": "IVD",
"id": "3D8A8F8A-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52001",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "3d8a8f8a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0015"
},
{
"db": "VULHUB",
"id": "VHN-52001"
},
{
"db": "BID",
"id": "51267"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001028"
},
{
"db": "NVD",
"id": "CVE-2011-4056"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-045"
}
]
},
"id": "VAR-201201-0167",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "3d8a8f8a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0015"
},
{
"db": "VULHUB",
"id": "VHN-52001"
}
],
"trust": 1.3930875600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "3d8a8f8a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0015"
}
]
},
"last_update_date": "2023-12-18T12:22:08.922000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch Information",
"trust": 0.8,
"url": "http://www.usdata.com/sea/factorylink/en/p_nav5.asp"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Siemens Tecnomatix FactoryLink ActiveX Patch for Any File Coverage Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/7091"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0015"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001028"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4056"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-343-01.pdf"
},
{
"trust": 1.7,
"url": "http://www.usdata.com/sea/factorylink/en/p_nav5.asp"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4056"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4056"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/51267"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/18427"
},
{
"trust": 0.3,
"url": "http://www.plm.automation.siemens.com/en_us/products/tecnomatix/production_management/factorylink/index.shtml"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-343-01.pdf "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0015"
},
{
"db": "VULHUB",
"id": "VHN-52001"
},
{
"db": "BID",
"id": "51267"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001028"
},
{
"db": "NVD",
"id": "CVE-2011-4056"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-045"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "3d8a8f8a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0015"
},
{
"db": "VULHUB",
"id": "VHN-52001"
},
{
"db": "BID",
"id": "51267"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001028"
},
{
"db": "NVD",
"id": "CVE-2011-4056"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-045"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-01-06T00:00:00",
"db": "IVD",
"id": "3d8a8f8a-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2012-01-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0015"
},
{
"date": "2012-01-08T00:00:00",
"db": "VULHUB",
"id": "VHN-52001"
},
{
"date": "2012-01-04T00:00:00",
"db": "BID",
"id": "51267"
},
{
"date": "2012-01-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001028"
},
{
"date": "2012-01-08T00:55:01.940000",
"db": "NVD",
"id": "CVE-2011-4056"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201201-045"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-01-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0015"
},
{
"date": "2012-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-52001"
},
{
"date": "2012-01-04T00:00:00",
"db": "BID",
"id": "51267"
},
{
"date": "2012-01-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001028"
},
{
"date": "2012-01-09T17:55:40.257000",
"db": "NVD",
"id": "CVE-2011-4056"
},
{
"date": "2012-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201201-045"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201201-045"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens Tecnomatix FactoryLink ActiveX Arbitrary File Overwrite Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0015"
},
{
"db": "BID",
"id": "51267"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201201-045"
}
],
"trust": 0.6
}
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.