Lucene search

[email protected]NVD:CVE-2011-3143

HistoryAug 16, 2011 - 9:55 p.m.

CVE-2011-3143

2011-08-1621:55:01

CWE-399

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

High

0.081 Low

EPSS

Percentile

94.4%

JSON

Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption.

Affected configurations

NVD

Node

avevaclearscadaMatch2005

avevaclearscadaMatch2007

avevaclearscadaMatch2009

Node

schneider-electricscx_67Range<r4.5

schneider-electricscx_68Range<r3.9

References

secunia.com/advisories/44955

www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/

www.osvdb.org/72989

www.securityfocus.com/bid/46312

www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf

www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

High

0.081 Low

EPSS

Percentile

94.4%

JSON

Related for NVD:CVE-2011-3143

cve1 prion1 cvelist1