CVSS: 10.0EPSS: 8%CPEs: 5EXPL: 0CVE-2011-3143
https://notcve.org/view.php?id=CVE-2011-3143
Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption. Vulnerabilidad de tipo "usar-después-de-liberar" en Control Microsystems ClearSCADA 2005, 2007 y 2009 anteriores a R2.3 y R1.4, tal como se usa en SCX anteriores a 67 R4.5 y 68 R3.9, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de cadenas de texto extensas que provocan una corrupción de memoria dinámica ("heap"). • http://secunia.com/advisories/44955 http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability http://www.osvdb.org/72989 http://www.securityfocus.com/bid/46312 http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2011-3144
https://notcve.org/view.php?id=CVE-2011-3144
Cross-site scripting (XSS) vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Control Microsystems ClearSCADA 2005, 2007 y 2009 en versiones anteriores a la R2.3 y R1.4, como se utiliza en SCX anteriores a 67 R4.5 y 68 R3.9, permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través de vectores sin especificar. • http://secunia.com/advisories/44955 http://www.digitalbond.com/scadapedia/vulnerability-notes/control-microsystems-cross-site-scripting-vulnerability http://www.osvdb.org/72987 http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •