Lucene search

[email protected]CVE-2011-3143

HistoryAug 16, 2011 - 9:55 p.m.

CVE-2011-3143

2011-08-1621:55:01

CWE-399

[email protected]

web.nvd.nist.gov

cve-2011-3143

clearscada

vulnerability

control

microsystems

denial of service

remote attack

heap memory corruption

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

High

0.081 Low

EPSS

Percentile

94.4%

JSON

Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption.

Affected configurations

NVD

Node

avevaclearscadaMatch2005

avevaclearscadaMatch2007

avevaclearscadaMatch2009

Node

schneider-electricscx_67Range<r4.5

schneider-electricscx_68Range<r3.9

CPENameOperatorVersion
aveva:clearscadaaveva clearscadaeq2005
aveva:clearscadaaveva clearscadaeq2007
aveva:clearscadaaveva clearscadaeq2009

CPE	Name	Operator	Version
aveva:clearscada	aveva clearscada	eq	2005
aveva:clearscada	aveva clearscada	eq	2007
aveva:clearscada	aveva clearscada	eq	2009

References

secunia.com/advisories/44955

www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/

www.osvdb.org/72989

www.securityfocus.com/bid/46312

www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf

www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

High

0.081 Low

EPSS

Percentile

94.4%

JSON

Related for CVE-2011-3143

nvd1 cvelist1 prion1