10

CVE-2011-3143

Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AvevaClearscada Version2005
AvevaClearscada Version2007
AvevaClearscada Version2009
Schneider-electricScx 67 Version < r4.5
Schneider-electricScx 68 Version < r3.9
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.99% 0.924
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/44955
Third Party Advisory
http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/
Third Party Advisory
Broken Link
http://www.osvdb.org/72989
Broken Link
http://www.securityfocus.com/bid/46312
Third Party Advisory
VDB Entry
http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf
Patch
Third Party Advisory
US Government Resource
http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf
Patch
Third Party Advisory
US Government Resource