CVE-2011-5163

Published: Sep 15, 2012Modified: Apr 29, 2026

4.6

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 3.9 / Impact: 6.4

Source: NVD

Description

Buffer overflow in an unspecified third-party component in the Batch module for Schneider Electric CitectSCADA before 7.20 and Mitsubishi MX4 SCADA before 7.20 allows local users to execute arbitrary code via a long string in a login sequence.

Affected (2)

Products: Mitsubishi Automation: Mx4 Scada · Schneider Electric: Citectscada

Mitsubishi Automation

1 product

Mx4 Scada

Schneider Electric

1 product

Citectscada

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Mitsubishi Automation Mx4 Scada	Up to 7.10
Schneider Electric Citectscada	Up to 7.10

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (14)

http://secunia.com/advisories/46779

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/46786

Source: cve@mitre.org

Vendor Advisory

http://www.citect.com/citectscada-batch

Source: cve@mitre.org

http://www.osvdb.org/76937

Source: cve@mitre.org

http://www.securitytracker.com/id?1026306

Source: cve@mitre.org

http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-02.pdf

Source: cve@mitre.org

US Government Resource

https://my.mitsubishi-automation.com/downloads_show.php?portal_id=1&doc_type=safety&scat=2&sstr=MX4%2CSCADA

Source: cve@mitre.org

http://secunia.com/advisories/46779