ID

VAR-201107-0257


CVE

CVE-2011-2957


TITLE

Rockwell Automation FactoryTalk Diagnostics Viewer '.ftd' File code execution vulnerability

Trust: 0.8

sources: IVD: c2d5bc46-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-2965

DESCRIPTION

Unspecified vulnerability in Rockwell Automation FactoryTalk Diagnostics Viewer before V2.30.00 (CPR9 SR3) allows local users to execute arbitrary code via a crafted FactoryTalk Diagnostics Viewer (.ftd) configuration file, which triggers memory corruption. Rockwell Automation is a provider of industrial automation, control and information technology solutions. An attacker can exploit this issue by enticing an unsuspecting victim to use a malicious '.ftd' configuration file. Successful exploits will result in the execution of arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. Versions prior to FactoryTalk Diagnostics Viewer 2.30.00 are vulnerable.

TITLE: FactoryTalk Services Platform Diagnostics Viewer File Processing Vulnerability

SECUNIA ADVISORY ID: SA45470

VERIFY ADVISORY: http://secunia.com/advisories/45470/

RELEASE DATE: 2011-08-03

DESCRIPTION: A vulnerability has been reported in FactoryTalk Services Platform, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the FactoryTalk Diagnostics Viewer using a vulnerable version of Microsoft Visual Studio Active Template Library (ATL).

SOLUTION: Update to version 2.30.00 (CPR9 SR3).

PROVIDED AND/OR DISCOVERED BY: Billy Rios and Terry McCorkle via ICS CERT.

ORIGINAL ADVISORY:
Rockwell Automation: http://rockwellautomation.custhelp.com/app/answers/detail/a_id/448424
ICS CERT (ICSA-11-175-01): http://www.us-cert.gov/control_systems/pdf/ICSA-11-175-01.pdf

Trust: 2.79

sources: NVD: CVE-2011-2957 // JVNDB: JVNDB-2011-003486 // CNVD: CNVD-2011-2965 // BID: 48962 // IVD: c2d5bc46-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-50902 // PACKETSTORM: 103693

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: c2d5bc46-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-2965

AFFECTED PRODUCTS

vendor: rockwellautomation, model: factorytalk diagnostics viewer, scope: eq, version: 2.10

Trust: 1.6

vendor: rockwellautomation, model: factorytalk diagnostics viewer, scope: eq, version: 2.10.01

Trust: 1.6

vendor: rockwellautomation, model: factorytalk diagnostics viewer, scope: lte, version: 2.10.02

Trust: 1.0

vendor: rockwell, model: automation factorytalk diagnostics viewer, scope: eq, version: 2.10.00

Trust: 0.9

vendor: rockwell automation, model: factorytalk diagnostics viewer, scope: lt, version: v2.30.00 (cpr9 sr3)

Trust: 0.8

vendor: rockwellautomation, model: factorytalk diagnostics viewer, scope: eq, version: 2.10.02

Trust: 0.6

vendor: rockwell, model: automation factorytalk diagnostics viewer, scope: ne, version: 2.30.00

Trust: 0.3

vendor: factorytalk diagnostics viewer, model: -, scope: eq, version: 2.10

Trust: 0.2

vendor: factorytalk diagnostics viewer, model: -, scope: eq, version: 2.10.01

Trust: 0.2

vendor: factorytalk diagnostics viewer, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: c2d5bc46-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-2965 // BID: 48962 // JVNDB: JVNDB-2011-003486 // CNNVD: CNNVD-201107-433 // NVD: CVE-2011-2957

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-2957
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-2957
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201107-433
value: MEDIUM

Trust: 0.6

IVD: c2d5bc46-2354-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-50902
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-2957
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: c2d5bc46-2354-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-50902
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: c2d5bc46-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-50902 // JVNDB: JVNDB-2011-003486 // CNNVD: CNNVD-201107-433 // NVD: CVE-2011-2957

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2011-2957

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201107-433

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201107-433

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003486

PATCH

title: Top Page, url: http://www.rockwellautomation.com/

Trust: 0.8

title: Partner, url: http://jp.rockwellautomation.com/applications/gs/ap/gsjp.nsf/pages/partner

Trust: 0.8

title: Top Page, url: http://jp.rockwellautomation.com/

Trust: 0.8

title: Rockwell Automation FactoryTalk Diagnostics Viewer '.ftd' file remote code execution vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/4601

Trust: 0.6

sources: CNVD: CNVD-2011-2965 // JVNDB: JVNDB-2011-003486

EXTERNAL IDS

db: NVD, id: CVE-2011-2957

Trust: 3.6

db: ICS CERT, id: ICSA-11-175-01

Trust: 2.9

db: BID, id: 48962

Trust: 1.4

db: CNNVD, id: CNNVD-201107-433

Trust: 0.9

db: CNVD, id: CNVD-2011-2965

Trust: 0.8

db: JVNDB, id: JVNDB-2011-003486

Trust: 0.8

db: IVD, id: C2D5BC46-2354-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: SECUNIA, id: 45470

Trust: 0.2

db: VULHUB, id: VHN-50902

Trust: 0.1

db: PACKETSTORM, id: 103693

Trust: 0.1

sources: IVD: c2d5bc46-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-2965 // VULHUB: VHN-50902 // BID: 48962 // JVNDB: JVNDB-2011-003486 // PACKETSTORM: 103693 // CNNVD: CNNVD-201107-433 // NVD: CVE-2011-2957

REFERENCES

url:http://www.us-cert.gov/control_systems/pdf/icsa-11-175-01.pdf

Trust: 2.9

url:http://rockwellautomation.custhelp.com/app/answers/detail/a_id/448424

Trust: 2.1

url:http://www.securityfocus.com/bid/48962

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2957

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2957

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/search-results?query=cve-2011-2957&search_type=all&cves=onhttp

Trust: 0.6

url:http://www.rockwellautomation.com/

Trust: 0.3

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/advisories/45470/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=45470

Trust: 0.1

url:http://secunia.com/products/corporate/vim/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/advisories/45470/#comments

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2011-2965 // VULHUB: VHN-50902 // BID: 48962 // JVNDB: JVNDB-2011-003486 // PACKETSTORM: 103693 // CNNVD: CNNVD-201107-433 // NVD: CVE-2011-2957

CREDITS

Billy Rios and Terry McCorkle.

Trust: 0.3

sources: BID: 48962

SOURCES

db: IVD, id: c2d5bc46-2354-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2011-2965
db: VULHUB, id: VHN-50902
db: BID, id: 48962
db: JVNDB, id: JVNDB-2011-003486
db: PACKETSTORM, id: 103693
db: CNNVD, id: CNNVD-201107-433
db: NVD, id: CVE-2011-2957

LAST UPDATE DATE

2025-04-11T23:10:01.155000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2011-2965, date: 2011-08-03T00:00:00
db: VULHUB, id: VHN-50902, date: 2011-08-12T00:00:00
db: BID, id: 48962, date: 2011-08-02T00:00:00
db: JVNDB, id: JVNDB-2011-003486, date: 2011-12-22T00:00:00
db: CNNVD, id: CNNVD-201107-433, date: 2011-07-29T00:00:00
db: NVD, id: CVE-2011-2957, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: IVD, id: c2d5bc46-2354-11e6-abef-000c29c66e3d, date: 2011-08-03T00:00:00
db: CNVD, id: CNVD-2011-2965, date: 2011-08-03T00:00:00
db: VULHUB, id: VHN-50902, date: 2011-07-28T00:00:00
db: BID, id: 48962, date: 2011-08-02T00:00:00
db: JVNDB, id: JVNDB-2011-003486, date: 2011-12-22T00:00:00
db: PACKETSTORM, id: 103693, date: 2011-08-03T03:38:18
db: CNNVD, id: CNNVD-201107-433, date: 2011-07-29T00:00:00
db: NVD, id: CVE-2011-2957, date: 2011-07-28T18:55:03.737