CVE-2011-0488
published 2011-01-18CVE-2011-0488: Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio 6.1 and InduSoft Web Studio…
PriorityP353critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
8.60%
94.4th percentile
Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio 6.1 and InduSoft Web Studio 7.0, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long request to TCP port 80.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | advantech_studio | — | — |
| indusoft | web_studio | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x6q8-w8xf-7859: Stack-based buffer overflow in NTWebServer
ghsa_unreviewed·2022-05-17
CVE-2011-0488 [HIGH] CWE-119 GHSA-x6q8-w8xf-7859: Stack-based buffer overflow in NTWebServer
Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio 6.1 and InduSoft Web Studio 7.0, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long request to TCP port 80.
CISA ICS
GLEG Agora SCADA+ Exploit Pack
cisa_ics·2018-09-06
GLEG Agora SCADA+ Exploit Pack
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
GLEG Agora SCADA+ Exploit Pack
Last RevisedSeptember 06, 2018
Alert CodeICSA-11-096-01
## OVERVIEW
On March 15, 2011, GLEG Ltd. announced the Agora SCADA+ Exploit Pack for Immunity’s CANVAS system. CANVAS is a penetration testing framework that is extensible using CANVAS Exploit Packs. On March 25, 2011, GLEG announced it would be adding exploits for the 35 vulnerabilities released by Luigi Auriemma on March 21, 2011. The ICS-CERT has not received any reports of this tool being used for an unauthorized compromise of an actual control system installation.
ICS-CERT has prepared t
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://downloadt.advantech.com/download/downloadsr.aspx?File_Id=1-I1D7QDhttp://secunia.com/advisories/42883http://secunia.com/advisories/42903http://www.advantechdirect.com/emarketingprograms/AStudio_Patch/AStudio_Patch.htmhttp://www.indusoft.com/blog/?p=337http://www.kb.cert.org/vuls/id/506864http://www.osvdb.org/70396http://www.securityfocus.com/bid/45783http://www.us-cert.gov/control_systems/pdf/ICSA-10-337-01.pdfhttp://www.vupen.com/english/advisories/2011/0092http://www.vupen.com/english/advisories/2011/0093https://exchange.xforce.ibmcloud.com/vulnerabilities/64678http://downloadt.advantech.com/download/downloadsr.aspx?File_Id=1-I1D7QDhttp://secunia.com/advisories/42883http://secunia.com/advisories/42903http://www.advantechdirect.com/emarketingprograms/AStudio_Patch/AStudio_Patch.htmhttp://www.indusoft.com/blog/?p=337http://www.kb.cert.org/vuls/id/506864http://www.osvdb.org/70396http://www.securityfocus.com/bid/45783http://www.us-cert.gov/control_systems/pdf/ICSA-10-337-01.pdfhttp://www.vupen.com/english/advisories/2011/0092http://www.vupen.com/english/advisories/2011/0093https://exchange.xforce.ibmcloud.com/vulnerabilities/64678
2011-01-18
Published