9 matches found
EUVD-2011-3112
Malware in sbrugna...
ClearScada Vulnerabilities (Update A)
Overview Researchers at Digital Bond have identified multiple vulnerabilities in the Control Microsystems ClearSCADA application. The following vulnerabilities have been identified: Heap Overflow Vulnerability Cross-site Scripting Vulnerabilities Insecure Web Authentication. Affected Products The...
ClearSCADA Remote Authentication Bypass
Overview ICS-CERT originally released Advisory ICSA-11-173-01P “ClearSCADA Remote Authentication Bypass”, on the US-CERT Portal on June 22, 2011. This web page release was delayed to allow users sufficient time to download and install this update. Independent security researcher Jeremy Brown has...
CVE-2011-3144
Cross-site scripting XSS vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2011-3143
Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unspecified long strings that trigger heap memor...
Memory corruption
Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unspecified long strings that trigger heap memor...
CVE-2011-3144
Cross-site scripting XSS vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2011-3144
CVE-2011-3144 is an XSS vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 up to R2.3 and R1.4, used with SCX up to 67 R4.5 and 68 R3.9. Remote attackers can inject arbitrary web script/HTML via unspecified vectors. Affected components and exact vectors are not detailed in the ...
Dozens of SCADA Exploits, Proof-of-concept Code Published
Exploits for scores of vulnerabilities in supervisory control and data acquisition software SCADA were made public on Monday, according to a report by The Register. 34 holes were published on Seclists.org’s Bugtraq mailing list for programs by Siemens, Iconics, 7-Technologies, Datac and Control...