Vulnerability Details : CVE-2011-3143
Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption.
Vulnerability category: Memory Corruption, Execute code, Denial of service
Products affected by CVE-2011-3143
- cpe:2.3:a:schneider-electric:scx_67:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:scx_68:*:*:*:*:*:*:*:*
- cpe:2.3:a:aveva:clearscada:2005:*:*:*:*:*:*:*
- cpe:2.3:a:aveva:clearscada:2007:*:*:*:*:*:*:*
- cpe:2.3:a:aveva:clearscada:2009:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-3143
1.93%: Probability of exploitation activity in the next 30 days
~ 82%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-3143
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2011-3143
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3143
- http://secunia.com/advisories/44955 (Third Party Advisory)
- http://www.securityfocus.com/bid/46312 : Control Microsystems ClearSCADA Multiple Remote Vulnerabilities (Third Party Advisory; VDB Entry)
- http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/ : Digital Bond Archives - Dale Peterson ICS Security Expert (Broken Link; Third Party Advisory)
- http://www.osvdb.org/72989 (Broken Link)
- http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf (Patch; Third Party Advisory; US Government Resource)
- http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf (Patch; Third Party Advisory; US Government Resource)