ID |
CVE-2011-3143
|
Summary |
Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:aveva:clearscada:2005:*:*:*:*:*:*:*
cpe:2.3:a:aveva:clearscada:2005:*:*:*:*:*:*:*
-
cpe:2.3:a:aveva:clearscada:2007:*:*:*:*:*:*:*
cpe:2.3:a:aveva:clearscada:2007:*:*:*:*:*:*:*
-
cpe:2.3:a:aveva:clearscada:2009:*:*:*:*:*:*:*
cpe:2.3:a:aveva:clearscada:2009:*:*:*:*:*:*:*
-
cpe:2.3:a:schneider-electric:scx_67:*:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:scx_67:*:*:*:*:*:*:*:*
-
cpe:2.3:a:schneider-electric:scx_68:*:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:scx_68:*:*:*:*:*:*:*:*
|
CVSS |
Base: | 10.0 (as of 31-12-2018 - 14:23) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-399 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
refmap
via4
|
bid | 46312 | misc | | osvdb | 72989 | secunia | 44955 |
|
Last major update |
31-12-2018 - 14:23 |
Published |
16-08-2011 - 21:55 |
Last modified |
31-12-2018 - 14:23 |