Details of VAR-201110-0491

ID

VAR-201110-0491

CVE

CVE-2011-10034

TITLE

IRAI AUTOMGEN Use After Free Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2011-4374

DESCRIPTION

AUTOMGEN versions up to and including 8.0.0.7 (also referenced as 8.022) contain a vulnerability in that project file handling frees an object and subsequently dereferences the stale pointer when processing certain malformed fields. The dangling-pointer use enables an attacker to influence an indirect call through attacker-controlled memory, resulting in denial-of-service. In some conditions, remote code execution may be possible. IRAI AUTOMGEN is an industrial control simulation software. IRAI AUTOMGEN is vulnerable to loopholes due to the insufficiency of handling certain files. An attacker can use this problem to execute arbitrary code on an affected machine to achieve the purpose of the attack. A remote attacker successfully exploited this vulnerability to execute arbitrary code, which could cause a denial of service if the exploit failed

Trust: 1.62

sources: NVD: CVE-2011-10034 // CNVD: CNVD-2011-4374 // IVD: 88bd28fc-1f83-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 88bd28fc-1f83-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-4374

AFFECTED PRODUCTS

vendor:

irai

model:

automgen

scope:

lte

version:

<=8.0.0.7

Trust: 0.8

sources: IVD: 88bd28fc-1f83-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-4374

CVSS

SEVERITY

CVSSV2

CVSSV3

disclosure@vulncheck.com:	CVE-2011-10034
value:	MEDIUM
Trust: 1.0
IVD:	88bd28fc-1f83-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2

IVD:	88bd28fc-1f83-11e6-abef-000c29c66e3d
severity:	NONE
baseScore:	NONE
vectorString:	NONE
accessVector:	NONE
accessComplexity:	NONE
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	UNKNOWN
Trust: 0.2

sources: IVD: 88bd28fc-1f83-11e6-abef-000c29c66e3d // NVD: CVE-2011-10034

PROBLEMTYPE DATA

problemtype:

CWE-416

Trust: 1.0

sources: NVD: CVE-2011-10034

TYPE

Access control error

Trust: 0.2

sources: IVD: 88bd28fc-1f83-11e6-abef-000c29c66e3d

EXTERNAL IDS

db:	EXPLOIT-DB	id:	17964	Trust: 1.6
db:	NVD	id:	CVE-2011-10034	Trust: 1.0
db:	CNVD	id:	CNVD-2011-4374	Trust: 0.8
db:	EXPLOITDB	id:	EDB-ID:17964	Trust: 0.6
db:	IVD	id:	88BD28FC-1F83-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 88bd28fc-1f83-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-4374 // NVD: CVE-2011-10034

REFERENCES

url:	https://www.exploit-db.com/exploits/17964	Trust: 1.0
url:	https://www.vulncheck.com/advisories/irai-automgen-use-after-free-remote-dos	Trust: 1.0
url:	https://en.iraifrance.com/automgen	Trust: 1.0
url:	http://www.exploit-db.com/exploits/17964/	Trust: 0.6

sources: CNVD: CNVD-2011-4374 // NVD: CVE-2011-10034

SOURCES

db:	IVD	id:	88bd28fc-1f83-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2011-4374
db:	NVD	id:	CVE-2011-10034

LAST UPDATE DATE

2025-11-19T23:29:06.140000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-4374	date:	2011-10-20T00:00:00
db:	NVD	id:	CVE-2011-10034	date:	2025-11-14T16:42:30.503

SOURCES RELEASE DATE

db:	IVD	id:	88bd28fc-1f83-11e6-abef-000c29c66e3d	date:	2011-10-20T00:00:00
db:	CNVD	id:	CNVD-2011-4374	date:	2011-10-20T00:00:00
db:	NVD	id:	CVE-2011-10034	date:	2025-11-12T22:15:40.533