Description
Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption.
Affected products
- AVEVA / clearscada2005 – 2005
- AVEVA / clearscada2007 – 2007
- AVEVA / clearscada2009 – 2009
- Schneider Electric / scx_67r4.5
- Schneider Electric / scx_68r3.9
References
- MISChttp://www.osvdb.org/72989
- VENDOR_ADVISORYhttp://secunia.com/advisories/44955
- MISChttp://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf
- MISChttp://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf
- MISChttp://www.securityfocus.com/bid/46312
- MISChttp://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/