CVE-2011-2957

EUVD-2011-2925
Unspecified vulnerability in Rockwell Automation FactoryTalk Diagnostics Viewer before V2.30.00 (CPR9 SR3) allows local users to execute arbitrary code via a crafted FactoryTalk Diagnostics Viewer (.ftd) configuration file, which triggers memory corruption.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
rockwellautomationfactorytalk_diagnostics_viewer
𝑥
≤ 2.10.02
rockwellautomationfactorytalk_diagnostics_viewer
2.10
rockwellautomationfactorytalk_diagnostics_viewer
2.10.01
𝑥
= Vulnerable software versions
References
http://rockwellautomation.custhelp.com/app/answers/detail/a_id/448424
http://www.securityfocus.com/bid/48962
http://www.us-cert.gov/control_systems/pdf/ICSA-11-175-01.pdf
http://rockwellautomation.custhelp.com/app/answers/detail/a_id/448424
http://www.securityfocus.com/bid/48962
http://www.us-cert.gov/control_systems/pdf/ICSA-11-175-01.pdf