CVE-2011-3143 — Out-of-bounds Write in Clearscada

CWE-3993 documents3 sources

Severity

10.0CRITICALNVD

EPSS

15.5%

top 5.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric SCX 67 Schneider-electric SCX 68 Aveva Clearscada

Timeline

PublishedAug 16

Latest updateMay 14

Description

Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDaveva/clearscada2005, 2007, 2009+2

▶NVDschneider-electric/scx_67< r4.5

▶NVDschneider-electric/scx_68< r3.9

Patches

Patch: www.us-cert.gov ↗Patch: www.us-cert.gov ↗Patch: www.us-cert.gov ↗

🔴Vulnerability Details

GHSA

GHSA-vvc6-fgrx-mqr8: Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2↗2022-05-14

▶

CVEList

CVE-2011-3143: Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2↗2011-08-16

▶