CVE-2011-3143
Control Microsystems ClearSCADA 2005-2009 - Use-After-Free via Long Strings
Title source: llmDescription
Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption.
References (6)
Core References
http://www.osvdb.org/72989 (Broken Link; vdb-entry; x_refsource_osvdb)
http://secunia.com/advisories/44955 (Third Party Advisory; third-party-advisory; x_refsource_secunia)
http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf (Patch, Third Party Advisory, US Government Resource; x_refsource_misc)
http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf (Patch, Third Party Advisory, US Government Resource; x_refsource_misc)
http://www.securityfocus.com/bid/46312 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid)
http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/ (Broken Link, Third Party Advisory; x_refsource_misc)
Scores
EPSS: 0.1551
EPSS Percentile: 94.8%
Details
CWE: CWE-399
Status: published
Products (5)
aveva/clearscada 2005
aveva/clearscada 2007
aveva/clearscada 2009
schneider-electric/scx_67 < r4.5
schneider-electric/scx_68 < r3.9
Published: Aug 16, 2011
Tracked Since: Feb 18, 2026