Vulnerability Details CVE-2011-3143
Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.6%
CVSS Severity
CVSS v2 Score 10.0
References
- http://secunia.com/advisories/44955
- http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/
- http://www.osvdb.org/72989
- http://www.securityfocus.com/bid/46312
- http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf
- http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf
- http://secunia.com/advisories/44955
- http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/
- http://www.osvdb.org/72989
- http://www.securityfocus.com/bid/46312
- http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf
- http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf
Products affected by CVE-2011-3143
-
cpe:2.3:a:aveva:clearscada:2005
-
cpe:2.3:a:aveva:clearscada:2007
-
cpe:2.3:a:aveva:clearscada:2009
-
cpe:2.3:a:schneider-electric:scx_67:*
-
cpe:2.3:a:schneider-electric:scx_68:*