Memory corruption

2011-08-1621:55:00

PRIOn knowledge base

www.prio-n.com

8.5 High

AI Score

Confidence

High

0.081 Low

EPSS

Percentile

94.4%

JSON

Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption.

CPENameOperatorVersion
clearscadaeq2005
clearscadaeq2007
clearscadaeq2009
scx_67eq< r4.5
scx_68eq< r3.9

Name	Operator	Version
clearscada	eq	2005
clearscada	eq	2007
clearscada	eq	2009
scx_67	eq	< r4.5
scx_68	eq	< r3.9

References

secunia.com/advisories/44955

www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/

www.osvdb.org/72989

www.securityfocus.com/bid/46312

www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf

www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf