CVE-2011-3143 - Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and

CVE-2011-3143

Summary

Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption.

References

Vulnerable Configurations

cpe:2.3:a:aveva:clearscada:2005:*:*:*:*:*:*:*
cpe:2.3:a:aveva:clearscada:2005:*:*:*:*:*:*:*
cpe:2.3:a:aveva:clearscada:2007:*:*:*:*:*:*:*
cpe:2.3:a:aveva:clearscada:2007:*:*:*:*:*:*:*
cpe:2.3:a:aveva:clearscada:2009:*:*:*:*:*:*:*
cpe:2.3:a:aveva:clearscada:2009:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:scx_67:*:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:scx_67:*:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:scx_68:*:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:scx_68:*:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 31-12-2018 - 14:23)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	46312
misc	http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/ http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf
osvdb	72989
secunia	44955

Last major update

31-12-2018 - 14:23

Published

16-08-2011 - 21:55

Last modified

31-12-2018 - 14:23