Vulnerabilities related to arcinfo - PcVue
Vulnerability from fkie_nvd
Published
2012-04-03 03:44
Modified
2025-04-11 00:51
Severity ?
Summary
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code by using a crafted HTML document to obtain control of a function pointer.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arcinfo:frontvue:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B019234-D1AB-498E-A047-00BCC3615CF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:arcinfo:pcvue:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEA0A812-C7F7-4651-9290-EFB099D111C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:arcinfo:pcvue:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9CA6F24-A3D3-4FE7-80C9-625BE5DDFAC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:arcinfo:pcvue:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "A1719190-35E4-4056-AC19-ED8C3190BF6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:arcinfo:pcvue:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "210BA70E-D58C-446C-8701-94089B844DB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:arcinfo:plantvue:*:*:*:*:*:*:*:*", "matchCriteriaId": "241F982C-C133-4685-8031-C17EBEECBE92", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code by using a crafted HTML document to obtain control of a function pointer." }, { "lang": "es", "value": "Control ActiveX no determinado en SVUIGrd.ocx en ARC Informatique PcVue v6.0 hasta v10.0, FrontVue, y PlantVue permite a atacantes remotos ejecutar c\u00f3digo usando un documento HTML manipulado para obtener el control de un puntero a una funci\u00f3n." 
} ], "id": "CVE-2011-4042", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-04-03T03:44:35.930", "references": [ { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "http://www.pcvuesolutions.com/index.php?option=com_content\u0026view=article\u0026id=244\u0026Itemid=257" }, { "source": "cret@cert.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf" }, { "source": "cret@cert.org", "url": "https://support.pcvuescada.com/index.php?option=com_k2\u0026view=item\u0026id=512\u0026Itemid=440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.pcvuesolutions.com/index.php?option=com_content\u0026view=article\u0026id=244\u0026Itemid=257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.pcvuescada.com/index.php?option=com_k2\u0026view=item\u0026id=512\u0026Itemid=440" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-04-03 03:44
Modified
2025-04-11 00:51
Severity ?
Summary
Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to cause a denial of service via a crafted HTML document.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arcinfo:frontvue:-:*:*:*:*:*:*:*", "matchCriteriaId": "5B70D1F4-70EC-4AA9-8C9E-2D98A64443AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:arcinfo:pcvue:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEA0A812-C7F7-4651-9290-EFB099D111C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:arcinfo:pcvue:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9CA6F24-A3D3-4FE7-80C9-625BE5DDFAC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:arcinfo:pcvue:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "A1719190-35E4-4056-AC19-ED8C3190BF6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:arcinfo:pcvue:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "210BA70E-D58C-446C-8701-94089B844DB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:arcinfo:plantvue:-:*:*:*:*:*:*:*", "matchCriteriaId": "4005489C-7D69-40A1-9CAE-EB95251BE6D4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to cause a denial of service via a crafted HTML document." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en un control ActiveX no determinado en aipgctl.ocx en ARC Informatique PcVue v6.0 hasta v10.0, FrontVue, y PlantVue, permite a atacantes remotos provocar una denegaci\u00f3n de servicio mediante un documento HTML manipulado." 
} ], "id": "CVE-2011-4045", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-04-03T03:44:36.070", "references": [ { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "http://www.pcvuesolutions.com/index.php?option=com_content\u0026view=article\u0026id=244\u0026Itemid=257" }, { "source": "cret@cert.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf" }, { "source": "cret@cert.org", "url": "https://support.pcvuescada.com/index.php?option=com_k2\u0026view=item\u0026id=512\u0026Itemid=440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.pcvuesolutions.com/index.php?option=com_content\u0026view=article\u0026id=244\u0026Itemid=257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.pcvuescada.com/index.php?option=com_k2\u0026view=item\u0026id=512\u0026Itemid=440" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-04-03 03:44
Modified
2025-04-11 00:51
Severity ?
Summary
Integer overflow in an unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code via a large value for an integer parameter, leading to a buffer overflow.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arcinfo:frontvue:-:*:*:*:*:*:*:*", "matchCriteriaId": "5B70D1F4-70EC-4AA9-8C9E-2D98A64443AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:arcinfo:pcvue:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEA0A812-C7F7-4651-9290-EFB099D111C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:arcinfo:pcvue:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9CA6F24-A3D3-4FE7-80C9-625BE5DDFAC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:arcinfo:pcvue:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "A1719190-35E4-4056-AC19-ED8C3190BF6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:arcinfo:pcvue:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "210BA70E-D58C-446C-8701-94089B844DB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:arcinfo:plantvue:-:*:*:*:*:*:*:*", "matchCriteriaId": "4005489C-7D69-40A1-9CAE-EB95251BE6D4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in an unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code via a large value for an integer parameter, leading to a buffer overflow." }, { "lang": "es", "value": "Desbordamiento de entero en un control ActiveX no terminado en SVUIGrd.ocx en ARC Informatique PcVue v6.0 hasta v10.0, FrontVue, y PlantVue, permite a los atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de un valor muy grande en un par\u00e1metro entero, provocando un desbordamiento de b\u00fafer." 
} ], "id": "CVE-2011-4043", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-04-03T03:44:35.977", "references": [ { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "http://www.pcvuesolutions.com/index.php?option=com_content\u0026view=article\u0026id=244\u0026Itemid=257" }, { "source": "cret@cert.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf" }, { "source": "cret@cert.org", "url": "https://support.pcvuescada.com/index.php?option=com_k2\u0026view=item\u0026id=512\u0026Itemid=440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.pcvuesolutions.com/index.php?option=com_content\u0026view=article\u0026id=244\u0026Itemid=257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.pcvuescada.com/index.php?option=com_k2\u0026view=item\u0026id=512\u0026Itemid=440" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-04-03 03:44
Modified
2025-04-11 00:51
Severity ?
Summary
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arcinfo:frontvue:-:*:*:*:*:*:*:*", "matchCriteriaId": "5B70D1F4-70EC-4AA9-8C9E-2D98A64443AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:arcinfo:pcvue:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEA0A812-C7F7-4651-9290-EFB099D111C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:arcinfo:pcvue:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9CA6F24-A3D3-4FE7-80C9-625BE5DDFAC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:arcinfo:pcvue:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "A1719190-35E4-4056-AC19-ED8C3190BF6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:arcinfo:pcvue:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "210BA70E-D58C-446C-8701-94089B844DB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:arcinfo:plantvue:-:*:*:*:*:*:*:*", "matchCriteriaId": "4005489C-7D69-40A1-9CAE-EB95251BE6D4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods." }, { "lang": "es", "value": "Control ActiveX no determinado en SVUIGrd.ocx en ARC Informatique PcVue v6.0 hasta v10.0, FrontVue, y PlantVue permite a atacantes remotos modificar ficheros a trav\u00e9s de llamadas a m\u00e9todos no determinados." 
} ], "id": "CVE-2011-4044", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-04-03T03:44:36.023", "references": [ { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "http://www.pcvuesolutions.com/index.php?option=com_content\u0026view=article\u0026id=244\u0026Itemid=257" }, { "source": "cret@cert.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf" }, { "source": "cret@cert.org", "url": "https://support.pcvuescada.com/index.php?option=com_k2\u0026view=item\u0026id=512\u0026Itemid=440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.pcvuesolutions.com/index.php?option=com_content\u0026view=article\u0026id=244\u0026Itemid=257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.pcvuescada.com/index.php?option=com_k2\u0026view=item\u0026id=512\u0026Itemid=440" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2024-12056 (GCVE-0-2024-12056)
Vulnerability from cvelistv5
Published
2024-12-04 14:30
Modified
2024-12-04 15:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-358 - Improperly Implemented Security Check for Standard
Summary
The Client secret is not checked when using the OAuth Password grant type.
By exploiting this vulnerability, an attacker could connect to a web server using a client application not explicitly authorized as part of the OAuth deployment.
Exploitation requires valid credentials and does not permit the attacker to bypass user privileges.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-12056", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-04T14:47:29.632279Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-04T15:00:50.503Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "OAuth web service" ], "product": "PcVue", "vendor": "arcinfo", "versions": [ { "lessThan": "16.2.2", "status": "affected", "version": "12.0", "versionType": "cpe" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Only the Web server where the Web \u0026amp; Mobile features are deployed are affected." } ], "value": "Only the Web server where the Web \u0026 Mobile features are deployed are affected." } ], "datePublic": "2024-12-01T23:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The Client secret is not checked when using the OAuth Password grant type.\u003cbr\u003e\u003cbr\u003eBy exploiting this vulnerability, an attacker could connect to a web server using a client application not explicitly authorized as part of the OAuth deployment.\u003cbr\u003eExploitation requires valid credentials and does not permit the attacker to bypass user privileges.\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e" } ], "value": "The Client secret is not checked when using the OAuth Password grant type.\n\nBy exploiting this vulnerability, an attacker could connect to a web server using a client application not explicitly authorized as part of the OAuth deployment.\nExploitation requires valid credentials and does not permit the attacker to bypass user privileges." 
} ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "No POC available." } ], "value": "No POC available." }, { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Not known to be exploited." } ], "value": "Not known to be exploited." } ], "metrics": [ { "cvssV4_0": { "Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 2.3, "baseSeverity": "LOW", "privilegesRequired": "NONE", "providerUrgency": "GREEN", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/AU:N/R:U/RE:M/U:Green", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-358", "description": "CWE-358 Improperly Implemented Security Check for Standard", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-04T14:30:35.838Z", "orgId": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932", "shortName": "arcinfo" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.pcvue.com/security/security/#SB2024-4" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cb\u003e\u003cu\u003eUninstall the Web Server:\u003c/u\u003e\u003c/b\u003e\u003cbr\u003eThe OAuth web service is part of the Web Server for PcVue. If your system does not require the use of the Web \u0026amp; Mobile features, you should make sure not to install them. 
\u003cbr\u003e\u003cbr\u003e\u003cb\u003e\u003cu\u003eUpdate the Web Deployment Console (WDC) and re deploy the Web Server:\u003c/u\u003e\u003c/b\u003e\u003cbr\u003eInstall a patched release of product, including the Web Deployment Console (WDC) and use the WDC to re-deploy the Web Server.\u003cbr\u003e\u003cbr\u003e\u003cu\u003e\u003cb\u003eAvailable patches:\u003c/b\u003e\u003c/u\u003e\u003cbr\u003eFixed in:\u003cbr\u003e\u003cul\u003e\u003cli\u003ePcVue 16.2.2\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e" } ], "value": "Uninstall the Web Server:\nThe OAuth web service is part of the Web Server for PcVue. If your system does not require the use of the Web \u0026 Mobile features, you should make sure not to install them. \n\nUpdate the Web Deployment Console (WDC) and re deploy the Web Server:\nInstall a patched release of product, including the Web Deployment Console (WDC) and use the WDC to re-deploy the Web Server.\n\nAvailable patches:\nFixed in:\n * PcVue 16.2.2" } ], "source": { "advisory": "SB2024-4", "discovery": "INTERNAL" }, "title": "Client Secret not checked with OAuth Password grant type", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932", "assignerShortName": "arcinfo", "cveId": "CVE-2024-12056", "datePublished": "2024-12-04T14:30:35.838Z", "dateReserved": "2024-12-02T19:57:19.644Z", "dateUpdated": "2024-12-04T15:00:50.503Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-4384 (GCVE-0-2025-4384)
Vulnerability from cvelistv5
Published
2025-05-06 15:59
Modified
2025-05-15 20:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-298 - Improper Validation of Certificate Expiration
Summary
The MQTT add-on of PcVue fails to verify that a remote device’s certificate is within its validity period, i.e. that it has already become valid and has not yet expired. This allows malicious devices to present certificates that are not rejected properly.
The use of a client certificate reduces the risk of random devices taking advantage of this flaw.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-4384", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-06T19:28:43.088933Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-06T19:28:57.621Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "MQTT add-on" ], "product": "PcVue", "vendor": "arcinfo", "versions": [ { "status": "unaffected", "version": "16.3.0", "versionType": "cpe" }, { "lessThan": "16.2.5", "status": "affected", "version": "16.0", "versionType": "cpe" }, { "status": "affected", "version": "15.0", "versionType": "cpe" } ] } ], "datePublic": "2025-05-05T22:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The MQTT add-on of PcVue fails to verify that a remote device\u2019s certificate has not already expired or has not yet become valid. This allows malicious devices to present certificates that are not rejected properly.\u003cbr\u003e\u003cbr\u003eThe use of a client certificate reduces the risk for random devices to take advantage of this flaw.\u003cbr\u003e\u003cbr\u003e" } ], "value": "The MQTT add-on of PcVue fails to verify that a remote device\u2019s certificate has not already expired or has not yet become valid. This allows malicious devices to present certificates that are not rejected properly.\n\nThe use of a client certificate reduces the risk for random devices to take advantage of this flaw." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "No POC available." } ], "value": "No POC available." 
}, { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Not known to be exploited." } ], "value": "Not known to be exploited." } ], "metrics": [ { "cvssV4_0": { "Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "baseScore": 6, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "GREEN", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/RE:M/U:Green", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-298", "description": "CWE-298 Improper Validation of Certificate Expiration", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-15T20:20:48.205Z", "orgId": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932", "shortName": "arcinfo" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.pcvue.com/security/#SB2025-3" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cb\u003e\u003cu\u003eHarden the configuration\u003c/u\u003e\u003c/b\u003e\u003cbr\u003eWho should apply this recommendation: All users\u003cbr\u003eThe system operators are highly recommended to take defensive measures to minimize the risk of exploitation of this vulnerability. 
Specifically, users should:\u003cbr\u003e\u003cul\u003e\u003cli\u003eUse client certificate when configuring the MQTT add-on.\u003c/li\u003e\u003cli\u003eMinimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet unless required.\u003c/li\u003e\u003cli\u003eLocate control system networks and remote devices behind firewalls and isolate them from business networks.\u003c/li\u003e\u003cli\u003eWhen remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cb\u003e\u003cu\u003eUpdate PcVue\u003c/u\u003e\u003c/b\u003e\u003cbr\u003eWho should apply this recommendation: All users using the affected component\u003cbr\u003eApply the patch by installing a fixed PcVue version.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cu\u003e\u003cb\u003eAvailable patches:\u003c/b\u003e\u003c/u\u003e\u003cbr\u003eFixed in:\u003cbr\u003e\u003cul\u003e\u003cli\u003ePcVue 16.2.5 and PcVue 16.3.0\u003c/li\u003e\u003c/ul\u003ePlanned in:\u003cul\u003e\u003cli\u003ePcVue 15.2.12\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e" } ], "value": "Harden the configuration\nWho should apply this recommendation: All users\nThe system operators are highly recommended to take defensive measures to minimize the risk of exploitation of this vulnerability. 
Specifically, users should:\n * Use client certificate when configuring the MQTT add-on.\n * Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet unless required.\n * Locate control system networks and remote devices behind firewalls and isolate them from business networks.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.\n\n\n\nUpdate PcVue\nWho should apply this recommendation: All users using the affected component\nApply the patch by installing a fixed PcVue version.\n\n\nAvailable patches:\nFixed in:\n * PcVue 16.2.5 and PcVue 16.3.0\n\n\nPlanned in: * PcVue 15.2.12" } ], "source": { "advisory": "SB2025-3", "discovery": "INTERNAL" }, "title": "Certificate validity not properly verified", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932", "assignerShortName": "arcinfo", "cveId": "CVE-2025-4384", "datePublished": "2025-05-06T15:59:27.839Z", "dateReserved": "2025-05-06T15:02:58.174Z", "dateUpdated": "2025-05-15T20:20:48.205Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-12057 (GCVE-0-2024-12057)
Vulnerability from cvelistv5
Published
2024-12-09 19:08
Modified
2025-03-21 15:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
User credentials (login & password) are inserted into log files when a user tries to authenticate using a version of a Web client that is not compatible with that of the PcVue Web back end.
By exploiting this vulnerability, an attacker could retrieve the credentials of a user by accessing the Log File. Successful exploitation of this vulnerability could lead to unauthorized access to the application.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-12057", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-10T21:22:40.386531Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-10T21:22:49.837Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "Web Server Extensions" ], "product": "PcVue", "vendor": "arcinfo", "versions": [ { "lessThan": "16.2.4", "status": "affected", "version": "16.0.0", "versionType": "cpe" }, { "lessThan": "15.2.11", "status": "affected", "version": "15.0.0", "versionType": "cpe" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Only servers where the Web \u0026amp; Mobile features are deployed are affected.\u003cbr\u003eThe PcVue Web back end and the Web Server must run different versions." } ], "value": "Only servers where the Web \u0026 Mobile features are deployed are affected.\nThe PcVue Web back end and the Web Server must run different versions." } ], "datePublic": "2024-12-02T23:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "User credentials (login \u0026amp; password) are inserted into log files when a user tries to authenticate using a version of a Web client that is not compatible with that of the PcVue Web back end.\u003cbr\u003eBy exploiting this vulnerability, an attacker could retrieve the credentials of a user by accessing the Log File. Successful exploitation of this vulnerability could lead to unauthorized access to the application." 
} ], "value": "User credentials (login \u0026 password) are inserted into log files when a user tries to authenticate using a version of a Web client that is not compatible with that of the PcVue Web back end.\nBy exploiting this vulnerability, an attacker could retrieve the credentials of a user by accessing the Log File. Successful exploitation of this vulnerability could lead to unauthorized access to the application." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "No POC available." } ], "value": "No POC available." }, { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Not known to be exploited" } ], "value": "Not known to be exploited" } ], "metrics": [ { "cvssV4_0": { "Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 1.8, "baseSeverity": "LOW", "privilegesRequired": "HIGH", "providerUrgency": "CLEAR", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/AU:N/R:U/V:C/RE:M/U:Clear", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-21T15:55:47.995Z", "orgId": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932", "shortName": "arcinfo" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.pcvue.com/security/#SB2024-6" } ], "solutions": [ { "lang": "en", "supportingMedia": 
[ { "base64": false, "type": "text/html", "value": "\u003cb\u003e\u003cu\u003eUninstall the Web Server\u003cbr\u003e\u003c/u\u003e\u003c/b\u003eIf your system does not require the use of the Web \u0026amp; Mobile features, you should make sure not to install them. \u003cbr\u003e\u003cb\u003e\u003cu\u003e\u003cbr\u003eRe-deploy the Web Server:\u003c/u\u003e\u003c/b\u003e\u003cbr\u003eRe-deploy the Web Server with the Web Deployment Console (WDC) provided with the PcVue Web back end installation so that the PcVue Web back end and the Web server run the same version.\u003cbr\u003e\u003cbr\u003e\n\n\u003cb\u003e\u003cu\u003eUpdate the PcVue Web back end\u003c/u\u003e\u003c/b\u003e\u003cbr\u003eInstall a patched release of the product, including the Web back end and Web Deployment Console (WDC) and use the WDC to re-deploy the Web Server. In case of future updates, credentials will no longer be inserted into the Log files even if the PcVue back end and the Web server are incompatible.\u003cbr\u003e\u003cbr\u003e\u003cb\u003e\u003cu\u003eAvailable patches:\u003c/u\u003e\u003c/b\u003e\u003cbr\u003eFixed in:\u003cbr\u003e\u003cul\u003e\u003cli\u003e16.2.4\u003c/li\u003e\u003cli\u003e15.2.11\u003c/li\u003e\u003c/ul\u003e" } ], "value": "Uninstall the Web Server\nIf your system does not require the use of the Web \u0026 Mobile features, you should make sure not to install them. \n\nRe-deploy the Web Server:\nRe-deploy the Web Server with the Web Deployment Console (WDC) provided with the PcVue Web back end installation so that the PcVue Web back end and the Web server run the same version.\n\n\n\nUpdate the PcVue Web back end\nInstall a patched release of the product, including the Web back end and Web Deployment Console (WDC) and use the WDC to re-deploy the Web Server. 
In case of future updates, credentials will no longer be inserted into the Log files even if the PcVue back end and the Web server are incompatible.\n\nAvailable patches:\nFixed in:\n * 16.2.4\n * 15.2.11" } ], "source": { "advisory": "SB2024-6", "discovery": "EXTERNAL" }, "title": "User credentials recorded in log files", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932", "assignerShortName": "arcinfo", "cveId": "CVE-2024-12057", "datePublished": "2024-12-09T19:08:15.527Z", "dateReserved": "2024-12-02T19:57:23.640Z", "dateUpdated": "2025-03-21T15:55:47.995Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4045 (GCVE-0-2011-4045)
Vulnerability from cvelistv5
Published
2012-04-03 01:00
Modified
2024-09-17 02:37
CWE
- n/a
Summary
Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to cause a denial of service via a crafted HTML document.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:53:32.605Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pcvuesolutions.com/index.php?option=com_content\u0026view=article\u0026id=244\u0026Itemid=257" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.pcvuescada.com/index.php?option=com_k2\u0026view=item\u0026id=512\u0026Itemid=440" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to cause a denial of service via a crafted HTML document." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-04-03T01:00:00Z", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pcvuesolutions.com/index.php?option=com_content\u0026view=article\u0026id=244\u0026Itemid=257" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.pcvuescada.com/index.php?option=com_k2\u0026view=item\u0026id=512\u0026Itemid=440" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2011-4045", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to cause a denial of service via a crafted HTML document." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf" }, { "name": "http://www.pcvuesolutions.com/index.php?option=com_content\u0026view=article\u0026id=244\u0026Itemid=257", "refsource": "CONFIRM", "url": "http://www.pcvuesolutions.com/index.php?option=com_content\u0026view=article\u0026id=244\u0026Itemid=257" }, { "name": "https://support.pcvuescada.com/index.php?option=com_k2\u0026view=item\u0026id=512\u0026Itemid=440", "refsource": "CONFIRM", "url": "https://support.pcvuescada.com/index.php?option=com_k2\u0026view=item\u0026id=512\u0026Itemid=440" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2011-4045", "datePublished": "2012-04-03T01:00:00Z", "dateReserved": "2011-10-13T00:00:00Z", "dateUpdated": "2024-09-17T02:37:27.840Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4043 (GCVE-0-2011-4043)
Vulnerability from cvelistv5
Published
2012-04-03 01:00
Modified
2024-09-16 20:06
CWE
- n/a
Summary
Integer overflow in an unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code via a large value for an integer parameter, leading to a buffer overflow.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:53:32.649Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pcvuesolutions.com/index.php?option=com_content\u0026view=article\u0026id=244\u0026Itemid=257" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.pcvuescada.com/index.php?option=com_k2\u0026view=item\u0026id=512\u0026Itemid=440" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Integer overflow in an unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code via a large value for an integer parameter, leading to a buffer overflow." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-04-03T01:00:00Z", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pcvuesolutions.com/index.php?option=com_content\u0026view=article\u0026id=244\u0026Itemid=257" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.pcvuescada.com/index.php?option=com_k2\u0026view=item\u0026id=512\u0026Itemid=440" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2011-4043", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in an unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code via a large value for an integer parameter, leading to a buffer overflow." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf" }, { "name": "http://www.pcvuesolutions.com/index.php?option=com_content\u0026view=article\u0026id=244\u0026Itemid=257", "refsource": "CONFIRM", "url": "http://www.pcvuesolutions.com/index.php?option=com_content\u0026view=article\u0026id=244\u0026Itemid=257" }, { "name": "https://support.pcvuescada.com/index.php?option=com_k2\u0026view=item\u0026id=512\u0026Itemid=440", "refsource": "CONFIRM", "url": "https://support.pcvuescada.com/index.php?option=com_k2\u0026view=item\u0026id=512\u0026Itemid=440" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2011-4043", "datePublished": "2012-04-03T01:00:00Z", "dateReserved": "2011-10-13T00:00:00Z", "dateUpdated": "2024-09-16T20:06:55.150Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4042 (GCVE-0-2011-4042)
Vulnerability from cvelistv5
Published
2012-04-03 01:00
Modified
2024-09-16 23:36
CWE
- n/a
Summary
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code by using a crafted HTML document to obtain control of a function pointer.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:53:32.609Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pcvuesolutions.com/index.php?option=com_content\u0026view=article\u0026id=244\u0026Itemid=257" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.pcvuescada.com/index.php?option=com_k2\u0026view=item\u0026id=512\u0026Itemid=440" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code by using a crafted HTML document to obtain control of a function pointer." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-04-03T01:00:00Z", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pcvuesolutions.com/index.php?option=com_content\u0026view=article\u0026id=244\u0026Itemid=257" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.pcvuescada.com/index.php?option=com_k2\u0026view=item\u0026id=512\u0026Itemid=440" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2011-4042", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code by using a crafted HTML document to obtain control of a function pointer." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf" }, { "name": "http://www.pcvuesolutions.com/index.php?option=com_content\u0026view=article\u0026id=244\u0026Itemid=257", "refsource": "CONFIRM", "url": "http://www.pcvuesolutions.com/index.php?option=com_content\u0026view=article\u0026id=244\u0026Itemid=257" }, { "name": "https://support.pcvuescada.com/index.php?option=com_k2\u0026view=item\u0026id=512\u0026Itemid=440", "refsource": "CONFIRM", "url": "https://support.pcvuescada.com/index.php?option=com_k2\u0026view=item\u0026id=512\u0026Itemid=440" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2011-4042", "datePublished": "2012-04-03T01:00:00Z", "dateReserved": "2011-10-13T00:00:00Z", "dateUpdated": "2024-09-16T23:36:32.865Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4044 (GCVE-0-2011-4044)
Vulnerability from cvelistv5
Published
2012-04-03 01:00
Modified
2024-09-17 00:01
CWE
- n/a
Summary
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:53:32.613Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.pcvuesolutions.com/index.php?option=com_content\u0026view=article\u0026id=244\u0026Itemid=257" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.pcvuescada.com/index.php?option=com_k2\u0026view=item\u0026id=512\u0026Itemid=440" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-04-03T01:00:00Z", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.pcvuesolutions.com/index.php?option=com_content\u0026view=article\u0026id=244\u0026Itemid=257" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.pcvuescada.com/index.php?option=com_k2\u0026view=item\u0026id=512\u0026Itemid=440" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2011-4044", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf" }, { "name": "http://www.pcvuesolutions.com/index.php?option=com_content\u0026view=article\u0026id=244\u0026Itemid=257", "refsource": "CONFIRM", "url": "http://www.pcvuesolutions.com/index.php?option=com_content\u0026view=article\u0026id=244\u0026Itemid=257" }, { "name": "https://support.pcvuescada.com/index.php?option=com_k2\u0026view=item\u0026id=512\u0026Itemid=440", "refsource": "CONFIRM", "url": "https://support.pcvuescada.com/index.php?option=com_k2\u0026view=item\u0026id=512\u0026Itemid=440" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2011-4044", "datePublished": "2012-04-03T01:00:00Z", "dateReserved": "2011-10-13T00:00:00Z", "dateUpdated": "2024-09-17T00:01:11.566Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }