Search criteria
15 vulnerabilities found for scadapro by measuresoft
VAR-201205-0302
Vulnerability from variot - Updated: 2025-04-11 22:59Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory. DLL It may be possible to get permission through the file. Measuresoft ScadaPro is a SCADA system for power, oil and gas, pharmaceutical and other companies. Measuresoft ScadaPro uses a fixed or controllable search path to discover resources, allowing unauthorized attackers to build malicious DLL files and loading malicious files before legitimate DLLs, which can cause arbitrary code to be executed in the context of the application. Measuresoft ScadaPro is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201205-0302",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scadapro server",
"scope": "lte",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.1"
},
{
"model": "scadapro client",
"scope": "lte",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 0.9,
"vendor": "measuresoft",
"version": "4.0"
},
{
"model": "scadapro client",
"scope": "lt",
"trust": 0.8,
"vendor": "measuresoft",
"version": "4.0.0"
},
{
"model": "scadapro server",
"scope": "lt",
"trust": 0.8,
"vendor": "measuresoft",
"version": "4.0.0"
},
{
"model": "scadapro server",
"scope": "eq",
"trust": 0.6,
"vendor": "measuresoft",
"version": "3.3.1"
},
{
"model": "scadapro client",
"scope": "eq",
"trust": 0.6,
"vendor": "measuresoft",
"version": "3.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro client",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2775"
},
{
"db": "BID",
"id": "53681"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-464"
},
{
"db": "NVD",
"id": "CVE-2012-1824"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:measuresoft:scadapro_client",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:measuresoft:scadapro_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Carlos Mario Penagos Hollmann",
"sources": [
{
"db": "BID",
"id": "53681"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-464"
}
],
"trust": 0.9
},
"cve": "CVE-2012-1824",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2012-1824",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-1824",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2012-1824",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201205-464",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-464"
},
{
"db": "NVD",
"id": "CVE-2012-1824"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory. DLL It may be possible to get permission through the file. Measuresoft ScadaPro is a SCADA system for power, oil and gas, pharmaceutical and other companies. Measuresoft ScadaPro uses a fixed or controllable search path to discover resources, allowing unauthorized attackers to build malicious DLL files and loading malicious files before legitimate DLLs, which can cause arbitrary code to be executed in the context of the application. Measuresoft ScadaPro is prone to a vulnerability that lets attackers execute arbitrary code. \nAn attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1824"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
},
{
"db": "CNVD",
"id": "CNVD-2012-2775"
},
{
"db": "BID",
"id": "53681"
},
{
"db": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1824",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-12-145-01",
"trust": 3.3
},
{
"db": "BID",
"id": "53681",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-2775",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201205-464",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002564",
"trust": 0.8
},
{
"db": "IVD",
"id": "CEFAA91A-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2775"
},
{
"db": "BID",
"id": "53681"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-464"
},
{
"db": "NVD",
"id": "CVE-2012-1824"
}
]
},
"id": "VAR-201205-0302",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2775"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2775"
}
]
},
"last_update_date": "2025-04-11T22:59:22.131000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "scada-products",
"trust": 0.8,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
},
{
"title": "Measuresoft ScadaPro DLL loads patches for arbitrary code execution vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/17351"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-2775"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
},
{
"db": "NVD",
"id": "CVE-2012-1824"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-145-01.pdf"
},
{
"trust": 1.6,
"url": "http://www.measuresoft.net/downloads/measuresoft%20scada%204.4.6/issue_disks/server/documentation/releasenotes.doc"
},
{
"trust": 1.6,
"url": "http://www.measuresoft.net/downloads/measuresoft%20scada%204.4.6/issue_disks/client/documentation/releasenotes.doc"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1824"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1824"
},
{
"trust": 0.6,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-145-01.pdfhttp"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/53681"
},
{
"trust": 0.3,
"url": "http://blog.rapid7.com/?p=5325"
},
{
"trust": 0.3,
"url": "http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html"
},
{
"trust": 0.3,
"url": "http://blogs.technet.com/b/msrc/archive/2010/08/21/microsoft-security-advisory-2269637-released.aspx"
},
{
"trust": 0.3,
"url": "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx"
},
{
"trust": 0.3,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/security/advisory/2269637.mspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-2775"
},
{
"db": "BID",
"id": "53681"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-464"
},
{
"db": "NVD",
"id": "CVE-2012-1824"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2775"
},
{
"db": "BID",
"id": "53681"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-464"
},
{
"db": "NVD",
"id": "CVE-2012-1824"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-05-28T00:00:00",
"db": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-2775"
},
{
"date": "2012-05-24T00:00:00",
"db": "BID",
"id": "53681"
},
{
"date": "2012-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002564"
},
{
"date": "2012-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-464"
},
{
"date": "2012-05-25T19:55:01.493000",
"db": "NVD",
"id": "CVE-2012-1824"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-2775"
},
{
"date": "2012-05-24T00:00:00",
"db": "BID",
"id": "53681"
},
{
"date": "2012-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002564"
},
{
"date": "2012-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-464"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-1824"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201205-464"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Measuresoft ScadaPro Client and ScadaPro Server Vulnerability gained in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-464"
}
],
"trust": 0.8
}
}
VAR-201109-0168
Vulnerability from variot - Updated: 2025-04-11 22:53service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command. Service.exe has multiple boundary errors when processing messages, and sending a specially crafted command to TCP port 11234 can trigger a stack-based buffer overflow. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \"xF\" command can be used to call any function in any DLL, such as executing the application via the \"system()\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \"RF\" command to TCP port 11234 to get arbitrary file content. Exploiting these issues could allow remote attackers to perform unauthorized actions using directory traversal strings or to execute arbitrary code or commands within the context of the affected application. Failed attempts will likely cause denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201109-0168",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scadapro",
"scope": "eq",
"trust": 3.0,
"vendor": "easuresoft",
"version": "4.0.0.0"
},
{
"model": "scadapro",
"scope": "lte",
"trust": 1.8,
"vendor": "measuresoft",
"version": "4.0.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.11"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.10"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.13"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.15"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.12"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.9"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.6"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.14"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.8"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.7"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.2.9"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.6"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.6.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.8.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.9.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.1.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.2.8"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 0.3,
"vendor": "measuresoft",
"version": "4.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 0.3,
"vendor": "measuresoft",
"version": "0"
},
{
"model": "scadapro",
"scope": "ne",
"trust": 0.3,
"vendor": "measuresoft",
"version": "4.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.6.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.2.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.15"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002235"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-269"
},
{
"db": "NVD",
"id": "CVE-2011-3496"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:measuresoft:scadapro",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002235"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "49613"
}
],
"trust": 0.3
},
"cve": "CVE-2011-3496",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2011-3496",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-3496",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2011-3496",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201109-269",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002235"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-269"
},
{
"db": "NVD",
"id": "CVE-2011-3496"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command. Service.exe has multiple boundary errors when processing messages, and sending a specially crafted command to TCP port 11234 can trigger a stack-based buffer overflow. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \\\"xF\\\" command can be used to call any function in any DLL, such as executing the application via the \\\"system()\\\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \\\"RF\\\" command to TCP port 11234 to get arbitrary file content. \nExploiting these issues could allow remote attackers to perform unauthorized actions using directory traversal strings or to execute arbitrary code or commands within the context of the affected application. Failed attempts will likely cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3496"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002235"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
}
],
"trust": 4.77
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "49613",
"trust": 4.1
},
{
"db": "NVD",
"id": "CVE-2011-3496",
"trust": 2.9
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-256-04",
"trust": 2.4
},
{
"db": "EXPLOIT-DB",
"id": "17848",
"trust": 1.6
},
{
"db": "SREASON",
"id": "8382",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201109-269",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "75571",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002235",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3670",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3674",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3676",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3675",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3673",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-11-263-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "A45C75F2-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002235"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-269"
},
{
"db": "NVD",
"id": "CVE-2011-3496"
}
]
},
"id": "VAR-201109-0168",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
}
],
"trust": 4.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 3.2
}
],
"sources": [
{
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
}
]
},
"last_update_date": "2025-04-11T22:53:59.088000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "scada-products",
"trust": 0.8,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002235"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002235"
},
{
"db": "NVD",
"id": "CVE-2011-3496"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txthttp"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-04.pdf"
},
{
"trust": 1.9,
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
},
{
"trust": 1.6,
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"trust": 1.0,
"url": "http://securityreason.com/securityalert/8382"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3496"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3496"
},
{
"trust": 0.8,
"url": "http://osvdb.org/75571"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/49613"
},
{
"trust": 0.3,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
},
{
"trust": 0.3,
"url": "/archive/1/519637"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-263-01.pdf"
},
{
"trust": 0.3,
"url": "http://www.measuresoft.net/news/post/inaccurate-reports-of-measuresoft-scadapro-400-vulnerability.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002235"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-269"
},
{
"db": "NVD",
"id": "CVE-2011-3496"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002235"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-269"
},
{
"db": "NVD",
"id": "CVE-2011-3496"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-19T00:00:00",
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"date": "2011-09-13T00:00:00",
"db": "BID",
"id": "49613"
},
{
"date": "2011-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002235"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-269"
},
{
"date": "2011-09-16T17:26:14.747000",
"db": "NVD",
"id": "CVE-2011-3496"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"date": "2011-09-20T21:30:00",
"db": "BID",
"id": "49613"
},
{
"date": "2011-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002235"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-269"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-3496"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201109-269"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Measuresoft ScadaPro service.exe Input validation vulnerability",
"sources": [
{
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-269"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-269"
}
],
"trust": 0.8
}
}
VAR-201109-0169
Vulnerability from variot - Updated: 2025-04-11 22:53service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method. Measuresoft ScadaPro of service.exe Any DLL There is a vulnerability that is executed.By a third party XF Through any DLL There is a vulnerability that is executed. Service.exe has multiple boundary errors when processing messages, and sending a specially crafted command to TCP port 11234 can trigger a stack-based buffer overflow. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \"xF\" command can be used to call any function in any DLL, such as executing the application via the \"system()\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \"RF\" command to TCP port 11234 to get arbitrary file content. Exploiting these issues could allow remote attackers to perform unauthorized actions using directory traversal strings or to execute arbitrary code or commands within the context of the affected application. Failed attempts will likely cause denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201109-0169",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scadapro",
"scope": "eq",
"trust": 3.0,
"vendor": "easuresoft",
"version": "4.0.0.0"
},
{
"model": "scadapro",
"scope": "lte",
"trust": 1.8,
"vendor": "measuresoft",
"version": "4.0.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.11"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.10"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.13"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.15"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.12"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.9"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.6"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.14"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.8"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.7"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.2.9"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.6"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.6.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.8.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.9.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.1.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.2.8"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 0.3,
"vendor": "measuresoft",
"version": "4.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 0.3,
"vendor": "measuresoft",
"version": "0"
},
{
"model": "scadapro",
"scope": "ne",
"trust": 0.3,
"vendor": "measuresoft",
"version": "4.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.6.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.2.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.15"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002234"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-270"
},
{
"db": "NVD",
"id": "CVE-2011-3497"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:measuresoft:scadapro",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002234"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "49613"
}
],
"trust": 0.3
},
"cve": "CVE-2011-3497",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2011-3497",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-3497",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2011-3497",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201109-270",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002234"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-270"
},
{
"db": "NVD",
"id": "CVE-2011-3497"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method. Measuresoft ScadaPro of service.exe Any DLL There is a vulnerability that is executed.By a third party XF Through any DLL There is a vulnerability that is executed. Service.exe has multiple boundary errors when processing messages, and sending a specially crafted command to TCP port 11234 can trigger a stack-based buffer overflow. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \\\"xF\\\" command can be used to call any function in any DLL, such as executing the application via the \\\"system()\\\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \\\"RF\\\" command to TCP port 11234 to get arbitrary file content. \nExploiting these issues could allow remote attackers to perform unauthorized actions using directory traversal strings or to execute arbitrary code or commands within the context of the affected application. Failed attempts will likely cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3497"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002234"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
}
],
"trust": 4.77
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "49613",
"trust": 4.1
},
{
"db": "NVD",
"id": "CVE-2011-3497",
"trust": 2.9
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-256-04",
"trust": 2.4
},
{
"db": "SREASON",
"id": "8382",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201109-270",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "75490",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002234",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3670",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3674",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3676",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3675",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3673",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-11-263-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "A44E1B2E-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002234"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-270"
},
{
"db": "NVD",
"id": "CVE-2011-3497"
}
]
},
"id": "VAR-201109-0169",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
}
],
"trust": 4.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 3.2
}
],
"sources": [
{
"db": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
}
]
},
"last_update_date": "2025-04-11T22:53:59.035000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "scada-products",
"trust": 0.8,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002234"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002234"
},
{
"db": "NVD",
"id": "CVE-2011-3497"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txthttp"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-04.pdf"
},
{
"trust": 1.9,
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
},
{
"trust": 1.0,
"url": "http://securityreason.com/securityalert/8382"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3497"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3497"
},
{
"trust": 0.8,
"url": "http://osvdb.org/75490"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/49613"
},
{
"trust": 0.3,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
},
{
"trust": 0.3,
"url": "/archive/1/519637"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-263-01.pdf"
},
{
"trust": 0.3,
"url": "http://www.measuresoft.net/news/post/inaccurate-reports-of-measuresoft-scadapro-400-vulnerability.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002234"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-270"
},
{
"db": "NVD",
"id": "CVE-2011-3497"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002234"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-270"
},
{
"db": "NVD",
"id": "CVE-2011-3497"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-19T00:00:00",
"db": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"date": "2011-09-13T00:00:00",
"db": "BID",
"id": "49613"
},
{
"date": "2011-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002234"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-270"
},
{
"date": "2011-09-16T17:26:14.777000",
"db": "NVD",
"id": "CVE-2011-3497"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"date": "2011-09-20T21:30:00",
"db": "BID",
"id": "49613"
},
{
"date": "2011-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002234"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-270"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-3497"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201109-270"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Measuresoft ScadaPro service.exe Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-270"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201109-270"
}
],
"trust": 0.6
}
}
VAR-201109-0183
Vulnerability from variot - Updated: 2025-04-11 22:53Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \"xF\" command can be used to call any function in any DLL, such as executing the application via the \"system()\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \"RF\" command to TCP port 11234 to get arbitrary file content. Failed attempts will likely cause denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201109-0183",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scadapro",
"scope": "eq",
"trust": 4.0,
"vendor": "easuresoft",
"version": "4.0.0.0"
},
{
"model": "scadapro",
"scope": "lte",
"trust": 1.8,
"vendor": "measuresoft",
"version": "4.0.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.11"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.10"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.13"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.15"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.12"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.9"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.6"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.14"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.8"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.7"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.2.9"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.6"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.6.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.8.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.9.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.1.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.2.8"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 0.3,
"vendor": "measuresoft",
"version": "4.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 0.3,
"vendor": "measuresoft",
"version": "0"
},
{
"model": "scadapro",
"scope": "ne",
"trust": 0.3,
"vendor": "measuresoft",
"version": "4.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.6.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.2.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.15"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002240"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-263"
},
{
"db": "NVD",
"id": "CVE-2011-3490"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:measuresoft:scadapro",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002240"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "49613"
}
],
"trust": 0.3
},
"cve": "CVE-2011-3490",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2011-3490",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "a5093936-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-3490",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2011-3490",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201109-263",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002240"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-263"
},
{
"db": "NVD",
"id": "CVE-2011-3490"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \\\"xF\\\" command can be used to call any function in any DLL, such as executing the application via the \\\"system()\\\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \\\"RF\\\" command to TCP port 11234 to get arbitrary file content. Failed attempts will likely cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3490"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002240"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
}
],
"trust": 5.67
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "49613",
"trust": 4.1
},
{
"db": "NVD",
"id": "CVE-2011-3490",
"trust": 3.9
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-256-04",
"trust": 2.4
},
{
"db": "CNNVD",
"id": "CNNVD-201109-263",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "17848",
"trust": 1.6
},
{
"db": "SREASON",
"id": "8382",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2011-3673",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3676",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3675",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3674",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3670",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "75486",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002240",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-11-263-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "82F0DC66-1F88-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7DE8A7B2-1F88-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7F9967D6-1F88-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "815B94A4-1F88-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "A5093936-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "86F8B360-1F88-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002240"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-263"
},
{
"db": "NVD",
"id": "CVE-2011-3490"
}
]
},
"id": "VAR-201109-0183",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
}
],
"trust": 5.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 4.2
}
],
"sources": [
{
"db": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
}
]
},
"last_update_date": "2025-04-11T22:53:58.965000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "scada-products",
"trust": 0.8,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002240"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002240"
},
{
"db": "NVD",
"id": "CVE-2011-3490"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txthttp"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-04.pdf"
},
{
"trust": 1.9,
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
},
{
"trust": 1.6,
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"trust": 1.0,
"url": "http://securityreason.com/securityalert/8382"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3490"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3490"
},
{
"trust": 0.8,
"url": "http://osvdb.org/75486"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/49613"
},
{
"trust": 0.3,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
},
{
"trust": 0.3,
"url": "/archive/1/519637"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-263-01.pdf"
},
{
"trust": 0.3,
"url": "http://www.measuresoft.net/news/post/inaccurate-reports-of-measuresoft-scadapro-400-vulnerability.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002240"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-263"
},
{
"db": "NVD",
"id": "CVE-2011-3490"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002240"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-263"
},
{
"db": "NVD",
"id": "CVE-2011-3490"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-15T00:00:00",
"db": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-19T00:00:00",
"db": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"date": "2011-09-13T00:00:00",
"db": "BID",
"id": "49613"
},
{
"date": "2011-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002240"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-263"
},
{
"date": "2011-09-16T14:28:12.997000",
"db": "NVD",
"id": "CVE-2011-3490"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"date": "2011-09-20T21:30:00",
"db": "BID",
"id": "49613"
},
{
"date": "2011-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002240"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-263"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-3490"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201109-263"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Measuresoft ScadaPro Arbitrary function call vulnerability",
"sources": [
{
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-263"
}
],
"trust": 1.8
}
}
VAR-201109-0188
Vulnerability from variot - Updated: 2025-04-11 22:53Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command. Service.exe has multiple boundary errors when processing messages, and sending a specially crafted command to TCP port 11234 can trigger a stack-based buffer overflow. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \"xF\" command can be used to call any function in any DLL, such as executing the application via the \"system()\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \"RF\" command to TCP port 11234 to get arbitrary file content. Failed attempts will likely cause denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201109-0188",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scadapro",
"scope": "eq",
"trust": 3.0,
"vendor": "easuresoft",
"version": "4.0.0.0"
},
{
"model": "scadapro",
"scope": "lte",
"trust": 1.8,
"vendor": "measuresoft",
"version": "4.0.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.11"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.10"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.13"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.15"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.12"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.9"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.6"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.14"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.8"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.7"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.2.9"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.6"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.6.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.8.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.9.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.1.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.2.8"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 0.3,
"vendor": "measuresoft",
"version": "4.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 0.3,
"vendor": "measuresoft",
"version": "0"
},
{
"model": "scadapro",
"scope": "ne",
"trust": 0.3,
"vendor": "measuresoft",
"version": "4.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.6.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.2.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.15"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-268"
},
{
"db": "NVD",
"id": "CVE-2011-3495"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:measuresoft:scadapro",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "49613"
}
],
"trust": 0.3
},
"cve": "CVE-2011-3495",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2011-3495",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "a471ceca-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-3495",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2011-3495",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201109-268",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-268"
},
{
"db": "NVD",
"id": "CVE-2011-3495"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command. Service.exe has multiple boundary errors when processing messages, and sending a specially crafted command to TCP port 11234 can trigger a stack-based buffer overflow. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \\\"xF\\\" command can be used to call any function in any DLL, such as executing the application via the \\\"system()\\\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \\\"RF\\\" command to TCP port 11234 to get arbitrary file content. Failed attempts will likely cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3495"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d"
}
],
"trust": 4.77
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "49613",
"trust": 4.1
},
{
"db": "NVD",
"id": "CVE-2011-3495",
"trust": 2.9
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-256-04",
"trust": 2.4
},
{
"db": "SREASON",
"id": "8382",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201109-268",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "75487",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "75489",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "75488",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002233",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3670",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3674",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3676",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3675",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3673",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-11-263-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "A471CECA-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-268"
},
{
"db": "NVD",
"id": "CVE-2011-3495"
}
]
},
"id": "VAR-201109-0188",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
}
],
"trust": 4.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 3.2
}
],
"sources": [
{
"db": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
}
]
},
"last_update_date": "2025-04-11T22:53:58.912000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "scada-products",
"trust": 0.8,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
},
{
"db": "NVD",
"id": "CVE-2011-3495"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txthttp"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-04.pdf"
},
{
"trust": 1.9,
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
},
{
"trust": 1.0,
"url": "http://securityreason.com/securityalert/8382"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3495"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3495"
},
{
"trust": 0.8,
"url": "http://osvdb.org/75489"
},
{
"trust": 0.8,
"url": "http://osvdb.org/75487"
},
{
"trust": 0.8,
"url": "http://osvdb.org/75488"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/49613"
},
{
"trust": 0.3,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
},
{
"trust": 0.3,
"url": "/archive/1/519637"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-263-01.pdf"
},
{
"trust": 0.3,
"url": "http://www.measuresoft.net/news/post/inaccurate-reports-of-measuresoft-scadapro-400-vulnerability.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-268"
},
{
"db": "NVD",
"id": "CVE-2011-3495"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-268"
},
{
"db": "NVD",
"id": "CVE-2011-3495"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-19T00:00:00",
"db": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"date": "2011-09-13T00:00:00",
"db": "BID",
"id": "49613"
},
{
"date": "2011-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002233"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-268"
},
{
"date": "2011-09-16T17:26:14.683000",
"db": "NVD",
"id": "CVE-2011-3495"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"date": "2011-09-20T21:30:00",
"db": "BID",
"id": "49613"
},
{
"date": "2011-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002233"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-268"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-3495"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201109-268"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Measuresoft ScadaPro of service.exe Vulnerable to directory traversal",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-268"
}
],
"trust": 0.8
}
}
CVE-2024-3746 (GCVE-0-2024-3746)
Vulnerability from nvd – Published: 2024-04-30 19:45 – Updated: 2025-08-27 21:23
VLAI?
Title
Measuresoft ScadaPro Improper Access Control
Summary
The entire parent directory - C:\ScadaPro and its sub-directories and
files are configured by default to allow user, including unprivileged
users, to write or overwrite files.
Severity ?
5.5 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Measuresoft | ScadaPro |
Affected:
6.9.0.0
|
Credits
Sharon Brizinov of Claroty Team82 reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-3746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T19:21:37.188099Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T21:23:00.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:01.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ScadaPro",
"vendor": "Measuresoft",
"versions": [
{
"status": "affected",
"version": "6.9.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sharon Brizinov of Claroty Team82 reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The entire parent directory - C:\\ScadaPro and its sub-directories and \nfiles are configured by default to allow user, including unprivileged \nusers, to write or overwrite files."
}
],
"value": "The entire parent directory - C:\\ScadaPro and its sub-directories and \nfiles are configured by default to allow user, including unprivileged \nusers, to write or overwrite files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-28T16:38:27.985Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-01"
}
],
"source": {
"advisory": "ICSA-24-107-01",
"discovery": "EXTERNAL"
},
"title": "Measuresoft ScadaPro Improper Access Control",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Measuresoft recommends that users manually reconfigure the vulnerable directories so that they are not writable by everyone.\n\n\u003cbr\u003e"
}
],
"value": "Measuresoft recommends that users manually reconfigure the vulnerable directories so that they are not writable by everyone."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-3746",
"datePublished": "2024-04-30T19:45:21.951Z",
"dateReserved": "2024-04-12T20:04:14.046Z",
"dateUpdated": "2025-08-27T21:23:00.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3497 (GCVE-0-2011-3497)
Vulnerability from nvd – Published: 2011-09-16 17:00 – Updated: 2024-08-06 23:37
VLAI?
Summary
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8382",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3497",
"datePublished": "2011-09-16T17:00:00",
"dateReserved": "2011-09-16T00:00:00",
"dateUpdated": "2024-08-06T23:37:47.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3496 (GCVE-0-2011-3496)
Vulnerability from nvd – Published: 2011-09-16 17:00 – Updated: 2024-08-06 23:37
VLAI?
Summary
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8382",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3496",
"datePublished": "2011-09-16T17:00:00",
"dateReserved": "2011-09-16T00:00:00",
"dateUpdated": "2024-08-06T23:37:47.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3495 (GCVE-0-2011-3495)
Vulnerability from nvd – Published: 2011-09-16 17:00 – Updated: 2024-08-06 23:37
VLAI?
Summary
Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.817Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8382",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3495",
"datePublished": "2011-09-16T17:00:00",
"dateReserved": "2011-09-16T00:00:00",
"dateUpdated": "2024-08-06T23:37:47.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3490 (GCVE-0-2011-3490)
Vulnerability from nvd – Published: 2011-09-16 14:00 – Updated: 2024-08-06 23:37
VLAI?
Summary
Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8382",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3490",
"datePublished": "2011-09-16T14:00:00",
"dateReserved": "2011-09-16T00:00:00",
"dateUpdated": "2024-08-06T23:37:47.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3746 (GCVE-0-2024-3746)
Vulnerability from cvelistv5 – Published: 2024-04-30 19:45 – Updated: 2025-08-27 21:23
VLAI?
Title
Measuresoft ScadaPro Improper Access Control
Summary
The entire parent directory - C:\ScadaPro and its sub-directories and
files are configured by default to allow user, including unprivileged
users, to write or overwrite files.
Severity ?
5.5 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Measuresoft | ScadaPro |
Affected:
6.9.0.0
|
Credits
Sharon Brizinov of Claroty Team82 reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-3746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T19:21:37.188099Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T21:23:00.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:01.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ScadaPro",
"vendor": "Measuresoft",
"versions": [
{
"status": "affected",
"version": "6.9.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sharon Brizinov of Claroty Team82 reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The entire parent directory - C:\\ScadaPro and its sub-directories and \nfiles are configured by default to allow user, including unprivileged \nusers, to write or overwrite files."
}
],
"value": "The entire parent directory - C:\\ScadaPro and its sub-directories and \nfiles are configured by default to allow user, including unprivileged \nusers, to write or overwrite files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-28T16:38:27.985Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-01"
}
],
"source": {
"advisory": "ICSA-24-107-01",
"discovery": "EXTERNAL"
},
"title": "Measuresoft ScadaPro Improper Access Control",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Measuresoft recommends that users manually reconfigure the vulnerable directories so that they are not writable by everyone.\n\n\u003cbr\u003e"
}
],
"value": "Measuresoft recommends that users manually reconfigure the vulnerable directories so that they are not writable by everyone."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-3746",
"datePublished": "2024-04-30T19:45:21.951Z",
"dateReserved": "2024-04-12T20:04:14.046Z",
"dateUpdated": "2025-08-27T21:23:00.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3495 (GCVE-0-2011-3495)
Vulnerability from cvelistv5 – Published: 2011-09-16 17:00 – Updated: 2024-08-06 23:37
VLAI?
Summary
Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.817Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8382",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3495",
"datePublished": "2011-09-16T17:00:00",
"dateReserved": "2011-09-16T00:00:00",
"dateUpdated": "2024-08-06T23:37:47.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3496 (GCVE-0-2011-3496)
Vulnerability from cvelistv5 – Published: 2011-09-16 17:00 – Updated: 2024-08-06 23:37
VLAI?
Summary
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8382",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3496",
"datePublished": "2011-09-16T17:00:00",
"dateReserved": "2011-09-16T00:00:00",
"dateUpdated": "2024-08-06T23:37:47.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3497 (GCVE-0-2011-3497)
Vulnerability from cvelistv5 – Published: 2011-09-16 17:00 – Updated: 2024-08-06 23:37
VLAI?
Summary
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8382",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3497",
"datePublished": "2011-09-16T17:00:00",
"dateReserved": "2011-09-16T00:00:00",
"dateUpdated": "2024-08-06T23:37:47.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3490 (GCVE-0-2011-3490)
Vulnerability from cvelistv5 – Published: 2011-09-16 14:00 – Updated: 2024-08-06 23:37
VLAI?
Summary
Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8382",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3490",
"datePublished": "2011-09-16T14:00:00",
"dateReserved": "2011-09-16T00:00:00",
"dateUpdated": "2024-08-06T23:37:47.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}