CVE-2011-3143
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption.
Vulnerabilidad de tipo "usar-después-de-liberar" en Control Microsystems ClearSCADA 2005, 2007 y 2009 anteriores a R2.3 y R1.4, tal como se usa en SCX anteriores a 67 R4.5 y 68 R3.9, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de cadenas de texto extensas que provocan una corrupción de memoria dinámica ("heap").
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-08-16 CVE Reserved
- 2011-08-16 CVE Published
- 2023-03-16 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/44955 | Third Party Advisory | |
| http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability | Broken Link | |
| http://www.osvdb.org/72989 | Broken Link | |
| http://www.securityfocus.com/bid/46312 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf | 2018-12-31 | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf | 2018-12-31 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Aveva Search vendor "Aveva" | Clearscada Search vendor "Aveva" for product "Clearscada" | 2005 Search vendor "Aveva" for product "Clearscada" and version "2005" | - |
Affected
| ||||||
| Aveva Search vendor "Aveva" | Clearscada Search vendor "Aveva" for product "Clearscada" | 2007 Search vendor "Aveva" for product "Clearscada" and version "2007" | - |
Affected
| ||||||
| Aveva Search vendor "Aveva" | Clearscada Search vendor "Aveva" for product "Clearscada" | 2009 Search vendor "Aveva" for product "Clearscada" and version "2009" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Scx 67 Search vendor "Schneider-electric" for product "Scx 67" | < r4.5 Search vendor "Schneider-electric" for product "Scx 67" and version " < r4.5" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Scx 68 Search vendor "Schneider-electric" for product "Scx 68" | < r3.9 Search vendor "Schneider-electric" for product "Scx 68" and version " < r3.9" | - |
Affected
| ||||||