ID
VAR-E-201102-0332
CVE
cve_id: | CVE-2011-3143 | Trust: 0.3 |
TITLE
Control Microsystems ClearSCADA Multiple Remote Vulnerabilities
Trust: 0.3
DESCRIPTION
Control Microsystems ClearSCADA is prone to multiple remote vulnerabilities, including:
1. A cross-site scripting vulnerability
2. A buffer-overflow vulnerability
3. An information-disclosure vulnerability
An attacker can exploit these issues to execute arbitrary code with elevated privileges, execute arbitrary script code within the context of the web server, steal cookie-based authentication credentials, and gain access to sensitive information. Other attacks are also possible.
The following products are affected:
ClearSCADA 2005
ClearSCADA 2007
ClearSCADA 2009
Trust: 0.3
AFFECTED PRODUCTS
vendor: | control | model: | microsystems clearscada | scope: | eq | version: | 20090 | Trust: 0.3 |
vendor: | control | model: | microsystems clearscada | scope: | eq | version: | 20070 | Trust: 0.3 |
vendor: | control | model: | microsystems clearscada | scope: | eq | version: | 20050 | Trust: 0.3 |
vendor: | control | model: | microsystems clearscada r1.4 | scope: | ne | version: | 2010 | Trust: 0.3 |
vendor: | control | model: | microsystems clearscada | scope: | ne | version: | 20092.3 | Trust: 0.3 |
vendor: | control | model: | microsystems clearscada | scope: | ne | version: | 20091 | Trust: 0.3 |
EXPLOIT
An attacker can exploit the cross-site scripting issue by enticing an unsuspecting user to follow a malicious URI.
An attacker can use readily available network utilities to exploit the information-disclosure issue.
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Unknown
Trust: 0.3
CREDITS
Digital Bond
Trust: 0.3
EXTERNAL IDS
db: | NVD | id: | CVE-2011-3143 | Trust: 0.3 |
db: | BID | id: | 46312 | Trust: 0.3 |
REFERENCES
url: | http://www.vupen.com/english/reference-2011-0356-1.php | Trust: 0.3 |
url: | http://www.clearscada.com/services-support/software-updates/ | Trust: 0.3 |
url: | http://www.clearscada.com/index.cfm | Trust: 0.3 |
SOURCES
db: | BID | id: | 46312 |
LAST UPDATE DATE
2022-07-27T09:54:45.687000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 46312 | date: | 2015-07-15T00:13:00 |
SOURCES RELEASE DATE
db: | BID | id: | 46312 | date: | 2011-02-10T00:00:00 |