Use-After-Free Vulnerability in Control Microsystems ClearSCADA Software
CVE-2011-3143

Currently unrated

Key Information:

Vendor: Aveva
Status: Clearscada
Vendor: CVE Published:; 16 August 2011

What is CVE-2011-3143?

A use-after-free vulnerability exists in Control Microsystems ClearSCADA, specifically affecting versions released in 2005, 2007, and 2009 prior to R2.3, as well as SCX versions before 67 R4.5 and 68 R3.9. This flaw can be exploited remotely by attackers, allowing them to send specially crafted long strings that trigger heap memory corruption. Consequently, this can result in a denial of service due to crashes of the system and might grant attackers the ability to execute arbitrary code within the affected environment.

References

http://www.osvdb.org/72989

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/44955

third-party-advisoryx_refsource_SECUNIA

http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 16, 2011
Vulnerability Reserved
Aug 16, 2011

Aveva

What is CVE-2011-3143?

References

Timeline