製品・ソフトウェアに関する情報

JVN脆弱性詳細

Control Microsystems ClearSCADA におけるサービス運用妨害 (クラッシュ) の脆弱性

Title	Control Microsystems ClearSCADA におけるサービス運用妨害 (クラッシュ) の脆弱性
Summary	Control Microsystems ClearSCADA および Serck Control SCX にて使用される ClearSCADA には、サービス運用妨害 (クラッシュ) 状態となる脆弱性が存在します。
Possible impacts	第三者により、ヒープメモリの破損を誘発する過度に長い文字列を介して、サービス運用妨害 (クラッシュ) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Aug. 16, 2011, midnight
Registration Date	Dec. 22, 2011, 11:34 a.m.
Last Update	Dec. 22, 2011, 11:34 a.m.

Affected System

Control Microsystems

ClearSCADA 2005

ClearSCADA 2007

ClearSCADA 2009 R1.4 未満

ClearSCADA 2009 R2.3 未満

Serck Control

SCX 67 R4.5 未満

SCX 68 R3.9 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-3143	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3143
National Vulnerability Database (NVD)
2	CVE-2011-3143	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3143

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-399	https://jvndb.jvn.jp/ja/cwe/CWE-399.html

ベンダー情報

その他

No	Name	URL
ICS-CERT ADVISORY
1	ICSA-10-314-01	http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf
2	ICSA-10-314-01A	http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf

Change Log

No	Changed Details	Date of change
0	[2011年12月22日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2011-3143

Summary	Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption.
Publication Date	Aug. 17, 2011, 6:55 a.m.
Registration Date	Jan. 28, 2021, 4:39 p.m.
Last Update	Nov. 21, 2024, 10:29 a.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	http://secunia.com/advisories/44955	Third Party Advisory
2	http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/	Broken Link Third Party Advisory
3	http://www.osvdb.org/72989	Broken Link
4	http://www.securityfocus.com/bid/46312	Third Party Advisory VDB Entry
5	http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf	Patch Third Party Advisory US Government Resource
6	http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf	Patch Third Party Advisory US Government Resource
7	http://secunia.com/advisories/44955	Third Party Advisory
8	http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf	Patch Third Party Advisory US Government Resource
9	http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf	Patch Third Party Advisory US Government Resource
10	http://www.securityfocus.com/bid/46312	Third Party Advisory VDB Entry
11	http://www.osvdb.org/72989	Broken Link
12	http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/	Broken Link Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-399	リソース管理の問題	https://cwe.mitre.org/data/definitions/399.html