CVE-2011-3143: Use After Free
First published: Tue Aug 16 2011(Updated: )
Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Aveva Clearscada | =2005 | |
| Aveva Clearscada | =2007 | |
| Aveva Clearscada | =2009 | |
| Schneider-electric Scx 67 | <r4.5 | |
| Schneider-electric Scx 68 | <r3.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf
- http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/
- http://www.osvdb.org/72989
- http://secunia.com/advisories/44955
- http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf
- http://www.securityfocus.com/bid/46312
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/remedy
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/aveva
- canonical/aveva clearscada
- version/aveva clearscada/2005
- version/aveva clearscada/2007
- version/aveva clearscada/2009
- vendor/schneider-electric
- canonical/schneider-electric scx 67
- canonical/schneider-electric scx 68