CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2011-3330
https://notcve.org/view.php?id=CVE-2011-3330
Buffer overflow in the UnitelWay Windows Device Driver, as used in Schneider Electric Unity Pro 6 and earlier, OPC Factory Server 3.34, Vijeo Citect 7.20 and earlier, Telemecanique Driver Pack 2.6 and earlier, Monitor Pro 7.6 and earlier, and PL7 Pro 4.5 and earlier, allows local users, and possibly remote attackers, to execute arbitrary code via an unspecified system parameter. Un desbordamiento de búfer en el controlador de dispositivo UNITELWAY Windows, tal y como se utiliza en Schneider Electric Unity Pro v6 y versiones anteriores, en el servidor OPC Factory v3.34, en Vijeo Citect v7.20 y anteriores, en Telemecanique Driver Pack v2.6 y anteriores, en Monitor Pro v7.6 y versiones anteriores, y en PL7 Pro v4.5 y versiones anteriores, permite ejecutar código de su elección a los usuarios locales y posiblemente a los atacantes remotos también, a través de un parámetro del sistema no especificado. • http://secunia.com/advisories/46534 http://www.scada.schneider-electric.com/sites/scada/en/login/vijeo-citect-unitelway-windows-device-driver.page http://www.securityfocus.com/bid/50319 http://www.securitytracker.com/id?1026234 http://www.us-cert.gov/control_systems/pdf/ICSA-11-277-01.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/70882 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2011-3144
https://notcve.org/view.php?id=CVE-2011-3144
Cross-site scripting (XSS) vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Control Microsystems ClearSCADA 2005, 2007 y 2009 en versiones anteriores a la R2.3 y R1.4, como se utiliza en SCX anteriores a 67 R4.5 y 68 R3.9, permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través de vectores sin especificar. • http://secunia.com/advisories/44955 http://www.digitalbond.com/scadapedia/vulnerability-notes/control-microsystems-cross-site-scripting-vulnerability http://www.osvdb.org/72987 http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 8%CPEs: 5EXPL: 0CVE-2011-3143
https://notcve.org/view.php?id=CVE-2011-3143
Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption. Vulnerabilidad de tipo "usar-después-de-liberar" en Control Microsystems ClearSCADA 2005, 2007 y 2009 anteriores a R2.3 y R1.4, tal como se usa en SCX anteriores a 67 R4.5 y 68 R3.9, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de cadenas de texto extensas que provocan una corrupción de memoria dinámica ("heap"). • http://secunia.com/advisories/44955 http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability http://www.osvdb.org/72989 http://www.securityfocus.com/bid/46312 http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf • CWE-399: Resource Management Errors •