APP: InduSoft WebStudio Unauthenticated Remote Operations Remote Code Execution

A code execution vulnerability has been identified in the Remote Agent component of InduSoft Web Studio. A successful attack can lead to arbitrary code execution.

Extended Description

CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.

Affected Products

Indusoft web_studio

References

BugTraq: 50675

CVE: CVE-2011-4051

Short Name
APP:INDUSOFT-WEBSTUDIO-RCE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
CVE-2011-4051 Code Execution InduSoft Operations Remote Unauthenticated WebStudio bid:50675
Release Date
06/12/2015
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3718
Port
TCP/4322
False Positive
Unknown
Vendors

Indusoft

CVSS Score

10.0

Found a potential security threat?