Buffer Overflow in Siemens Tecnomatix FactoryLink ActiveX Control
CVE-2011-4055

Currently unrated

Key Information:

Vendor: Siemens
Status: Tecnomatix Factorylink
Vendor: CVE Published:; 8 January 2012

Summary

A buffer overflow vulnerability exists in the WebClient ActiveX control within Siemens Tecnomatix FactoryLink. This flaw enables remote attackers to execute arbitrary code by sending a specially crafted long string in a URL parameter. This can potentially compromise the integrity and security of the affected systems, allowing unauthorized access and control over affected installations.

References

http://www.us-cert.gov/control_systems/pdf/ICSA-11-343-01...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/72117

vdb-entryx_refsource_XF

http://www.usdata.com/sea/factorylink/en/p_nav5.asp

x_refsource_CONFIRM

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 8, 2012
Vulnerability Reserved
Oct 13, 2011