Unitronics UNIOPC Server Input Handling Vulnerability

CVSS 6.8 MEDIUM

CVEs (1)

CVE-2011-5086

Unitronics has released Version 2.0.0 of UniOPC Server. Unitronics recommends that users of all versions of the UniOPC Server product download and install Version 2.0.0 or newer from the following location: (http://www.unitronics.com/Content.aspx?page=Downloads)
Unitronics has not provided mitigation steps for existing customers who are currently using affected versions of UniOPC. The vulnerable component will remain on the system even after the new version has been installed.
To manually remove the vulnerable component, the researcher suggests the following steps: Ensure that no other applications are using https50.ocx prior to its removal. From a command prompt type: regsvr32 /U c:\windows\system32\https50.ocx . Delete the c:\windows\system32\https50.ocx file.

Unitronics

Unitronics · Unitronics UniOPC <2.0.0.

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.