Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3144

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-3144
Last Modified 15 Mar 2012 12:00:00
Published 16 Aug 2011 05:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-3144

Summary

Cross-site scripting (XSS) vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Systems

Application

  • Controlmicrosystems Clearscada 2005 0

  • Controlmicrosystems Clearscada 2005 1.0

  • Controlmicrosystems Clearscada 2007 0

  • Controlmicrosystems Clearscada 2007 0.1

  • Controlmicrosystems Clearscada 2007 0.2

  • Controlmicrosystems Clearscada 2007 1.0

  • Controlmicrosystems Clearscada 2007 1.1

  • Controlmicrosystems Clearscada 2007 1.2

  • Controlmicrosystems Clearscada 2007 1.3

  • Controlmicrosystems Clearscada 2007 1.4

  • Controlmicrosystems Clearscada 2009 1.0

  • Controlmicrosystems Clearscada 2009 1.1

  • Controlmicrosystems Clearscada 2009 1.2

  • Controlmicrosystems Clearscada 2009 1.3

  • Controlmicrosystems Clearscada 2009 2.0

  • Controlmicrosystems Clearscada 2009 2.1

  • Controlmicrosystems Clearscada 2009 2.2


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf

OSVDB - 72987

MISC - http://www.digitalbond.com/scadapedia/vulnerability-notes/control-microsystems-cross-site-scripting-vulnerability/

SECUNIA - 44955


Last Updated: 27 May 2016 10:57:14