Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2011-3143
Last Modified: 15 Mar 2012 12:00:00
Published: 16 Aug 2011 05:55:01
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-3143

Summary

Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption.

Vulnerable Systems

Application

  • Controlmicrosystems Clearscada 2005 0

  • Controlmicrosystems Clearscada 2005 1.0

  • Controlmicrosystems Clearscada 2007 0

  • Controlmicrosystems Clearscada 2007 0.1

  • Controlmicrosystems Clearscada 2007 0.2

  • Controlmicrosystems Clearscada 2007 1.0

  • Controlmicrosystems Clearscada 2007 1.1

  • Controlmicrosystems Clearscada 2007 1.2

  • Controlmicrosystems Clearscada 2007 1.3

  • Controlmicrosystems Clearscada 2007 1.4

  • Controlmicrosystems Clearscada 2009 1.0

  • Controlmicrosystems Clearscada 2009 1.1

  • Controlmicrosystems Clearscada 2009 1.2

  • Controlmicrosystems Clearscada 2009 1.3

  • Controlmicrosystems Clearscada 2009 2.0

  • Controlmicrosystems Clearscada 2009 2.1

  • Controlmicrosystems Clearscada 2009 2.2

  • Serck-controls Scx 67

  • Serck-controls Scx 68


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf

OSVDB - 72989

MISC - http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/

SECUNIA - 44955


Last Updated: 27 May 2016 10:57:14