Back

Topic

[KB512]Security bulletin 2011-1

Tags: Security

14 years ago
By BL
Options
Print
Summary:

This security bulletin follows the ICS-CERT alert 11-271-01 released on September 28th 2011 and the ICS-CERT advisory ICSA-11-340-01 released on December 6th 2011, by the USA Department of Homeland Security. We strongly recommend that users of the affected products apply the security measures described in the attached document.

See below the attached pdf file for more information.

Last update: November 17th, 2014


Overview:

ARC Informatique is aware of 5 security vulnerabilities affecting its products.

One security vulnerability has been privately reported to the ICS-CERT by a security expert. The 4 others have been publicly disclosed along with proof-of-concept (PoC) exploit code.

We have been working in coordination with the ICS-CERT to confirm these vulnerabilities and provide you with risk mitigation.

This bulletin describes the immediate security measures to prevent the malicious exploitation of these vulnerabilities. We strongly recommend that users of the affected products apply these measures.

The ICS-CERT has validated these security measures and confirmed that they resolve the identified  vulnerabilities.

Affected products and components:

Component Product Description
SVUIGrd.ocx PcVue – From version 6.00 onwardStarting with PcVue 9.0 SP2, PcVue 10.0 updates and corresponding FrontVue versions, kill-bits are set by the installation package and the Component Registration Utility.

The vulnerable component is no longer installed with PcVue 10.0 SP1, 11 and later versions.

An ActiveX supplied with PcVue.
File location: $InstallationDirectory$\Bin\SVUIGrd.ocx.CLSID: {2BBD45A5-28AE-11D1-ACAC-0800170967D9}
aipgctl.ocx PcVue – From version 7.00 onward FrontVue – All versions

PlantVue – All versions

Starting with PcVue 9.0 SP2, PcVue 10.0 updates and corresponding FrontVue versions, kill-bits are set by the installation package and the Component Registration Utility.

An ActiveX supplied with PcVue, FrontVue and PlantVue.
File location: Windows system folders.
CLSID: {083B40D3-CCBA-11D2-AFE0-00C04F7993D6}
Download attachments:

Created on: 09 Nov 2011 Last update: 04 Sep 2024