CVE-2011-4535

Buffer overflow in TurboPower Abbrevia before 4.0, as used in ScadaTEC ScadaPhone 5.3.11.1230 and earlier, ScadaTEC ModbusTagServer 4.1.1.81 and earlier, and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
craig_petersonturbopower_abbrevia
𝑥
≤ 3.05
scadatecmodbustagserver
𝑥
≤ 4.1.1.81
scadatecscadaphone
𝑥
≤ 5.3.11.1230
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://sourceforge.net/projects/tpabbrevia/files/Abbrevia%204.0.zip/download
http://www.us-cert.gov/control_systems/pdf/ICSA-11-362-01.pdf
http://sourceforge.net/projects/tpabbrevia/files/Abbrevia%204.0.zip/download
http://www.us-cert.gov/control_systems/pdf/ICSA-11-362-01.pdf