Find a vulnerability
Search criteria
31 vulnerabilities by measuresoft
VAR-201205-0302
Vulnerability from variot - Updated: 2025-04-11 22:59Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory. DLL It may be possible to get permission through the file. Measuresoft ScadaPro is a SCADA system for power, oil and gas, pharmaceutical and other companies. Measuresoft ScadaPro uses a fixed or controllable search path to discover resources, allowing unauthorized attackers to build malicious DLL files and loading malicious files before legitimate DLLs, which can cause arbitrary code to be executed in the context of the application. Measuresoft ScadaPro is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201205-0302",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scadapro server",
"scope": "lte",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.1"
},
{
"model": "scadapro client",
"scope": "lte",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 0.9,
"vendor": "measuresoft",
"version": "4.0"
},
{
"model": "scadapro client",
"scope": "lt",
"trust": 0.8,
"vendor": "measuresoft",
"version": "4.0.0"
},
{
"model": "scadapro server",
"scope": "lt",
"trust": 0.8,
"vendor": "measuresoft",
"version": "4.0.0"
},
{
"model": "scadapro server",
"scope": "eq",
"trust": 0.6,
"vendor": "measuresoft",
"version": "3.3.1"
},
{
"model": "scadapro client",
"scope": "eq",
"trust": 0.6,
"vendor": "measuresoft",
"version": "3.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro client",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2775"
},
{
"db": "BID",
"id": "53681"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-464"
},
{
"db": "NVD",
"id": "CVE-2012-1824"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:measuresoft:scadapro_client",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:measuresoft:scadapro_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Carlos Mario Penagos Hollmann",
"sources": [
{
"db": "BID",
"id": "53681"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-464"
}
],
"trust": 0.9
},
"cve": "CVE-2012-1824",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2012-1824",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-1824",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2012-1824",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201205-464",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-464"
},
{
"db": "NVD",
"id": "CVE-2012-1824"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory. DLL It may be possible to get permission through the file. Measuresoft ScadaPro is a SCADA system for power, oil and gas, pharmaceutical and other companies. Measuresoft ScadaPro uses a fixed or controllable search path to discover resources, allowing unauthorized attackers to build malicious DLL files and loading malicious files before legitimate DLLs, which can cause arbitrary code to be executed in the context of the application. Measuresoft ScadaPro is prone to a vulnerability that lets attackers execute arbitrary code. \nAn attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1824"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
},
{
"db": "CNVD",
"id": "CNVD-2012-2775"
},
{
"db": "BID",
"id": "53681"
},
{
"db": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1824",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-12-145-01",
"trust": 3.3
},
{
"db": "BID",
"id": "53681",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-2775",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201205-464",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002564",
"trust": 0.8
},
{
"db": "IVD",
"id": "CEFAA91A-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2775"
},
{
"db": "BID",
"id": "53681"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-464"
},
{
"db": "NVD",
"id": "CVE-2012-1824"
}
]
},
"id": "VAR-201205-0302",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2775"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2775"
}
]
},
"last_update_date": "2025-04-11T22:59:22.131000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "scada-products",
"trust": 0.8,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
},
{
"title": "Measuresoft ScadaPro DLL loads patches for arbitrary code execution vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/17351"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-2775"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
},
{
"db": "NVD",
"id": "CVE-2012-1824"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-145-01.pdf"
},
{
"trust": 1.6,
"url": "http://www.measuresoft.net/downloads/measuresoft%20scada%204.4.6/issue_disks/server/documentation/releasenotes.doc"
},
{
"trust": 1.6,
"url": "http://www.measuresoft.net/downloads/measuresoft%20scada%204.4.6/issue_disks/client/documentation/releasenotes.doc"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1824"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1824"
},
{
"trust": 0.6,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-145-01.pdfhttp"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/53681"
},
{
"trust": 0.3,
"url": "http://blog.rapid7.com/?p=5325"
},
{
"trust": 0.3,
"url": "http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html"
},
{
"trust": 0.3,
"url": "http://blogs.technet.com/b/msrc/archive/2010/08/21/microsoft-security-advisory-2269637-released.aspx"
},
{
"trust": 0.3,
"url": "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx"
},
{
"trust": 0.3,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/security/advisory/2269637.mspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-2775"
},
{
"db": "BID",
"id": "53681"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-464"
},
{
"db": "NVD",
"id": "CVE-2012-1824"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2775"
},
{
"db": "BID",
"id": "53681"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-464"
},
{
"db": "NVD",
"id": "CVE-2012-1824"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-05-28T00:00:00",
"db": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-2775"
},
{
"date": "2012-05-24T00:00:00",
"db": "BID",
"id": "53681"
},
{
"date": "2012-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002564"
},
{
"date": "2012-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-464"
},
{
"date": "2012-05-25T19:55:01.493000",
"db": "NVD",
"id": "CVE-2012-1824"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-2775"
},
{
"date": "2012-05-24T00:00:00",
"db": "BID",
"id": "53681"
},
{
"date": "2012-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002564"
},
{
"date": "2012-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-464"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-1824"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201205-464"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Measuresoft ScadaPro Client and ScadaPro Server Vulnerability gained in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-464"
}
],
"trust": 0.8
}
}
VAR-201109-0168
Vulnerability from variot - Updated: 2025-04-11 22:53service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command. Service.exe has multiple boundary errors when processing messages, and sending a specially crafted command to TCP port 11234 can trigger a stack-based buffer overflow. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \"xF\" command can be used to call any function in any DLL, such as executing the application via the \"system()\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \"RF\" command to TCP port 11234 to get arbitrary file content. Exploiting these issues could allow remote attackers to perform unauthorized actions using directory traversal strings or to execute arbitrary code or commands within the context of the affected application. Failed attempts will likely cause denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201109-0168",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scadapro",
"scope": "eq",
"trust": 3.0,
"vendor": "easuresoft",
"version": "4.0.0.0"
},
{
"model": "scadapro",
"scope": "lte",
"trust": 1.8,
"vendor": "measuresoft",
"version": "4.0.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.11"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.10"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.13"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.15"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.12"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.9"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.6"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.14"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.8"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.7"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.2.9"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.6"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.6.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.8.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.9.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.1.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.2.8"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 0.3,
"vendor": "measuresoft",
"version": "4.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 0.3,
"vendor": "measuresoft",
"version": "0"
},
{
"model": "scadapro",
"scope": "ne",
"trust": 0.3,
"vendor": "measuresoft",
"version": "4.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.6.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.2.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.15"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002235"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-269"
},
{
"db": "NVD",
"id": "CVE-2011-3496"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:measuresoft:scadapro",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002235"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "49613"
}
],
"trust": 0.3
},
"cve": "CVE-2011-3496",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2011-3496",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-3496",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2011-3496",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201109-269",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002235"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-269"
},
{
"db": "NVD",
"id": "CVE-2011-3496"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command. Service.exe has multiple boundary errors when processing messages, and sending a specially crafted command to TCP port 11234 can trigger a stack-based buffer overflow. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \\\"xF\\\" command can be used to call any function in any DLL, such as executing the application via the \\\"system()\\\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \\\"RF\\\" command to TCP port 11234 to get arbitrary file content. \nExploiting these issues could allow remote attackers to perform unauthorized actions using directory traversal strings or to execute arbitrary code or commands within the context of the affected application. Failed attempts will likely cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3496"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002235"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
}
],
"trust": 4.77
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "49613",
"trust": 4.1
},
{
"db": "NVD",
"id": "CVE-2011-3496",
"trust": 2.9
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-256-04",
"trust": 2.4
},
{
"db": "EXPLOIT-DB",
"id": "17848",
"trust": 1.6
},
{
"db": "SREASON",
"id": "8382",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201109-269",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "75571",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002235",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3670",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3674",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3676",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3675",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3673",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-11-263-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "A45C75F2-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002235"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-269"
},
{
"db": "NVD",
"id": "CVE-2011-3496"
}
]
},
"id": "VAR-201109-0168",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
}
],
"trust": 4.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 3.2
}
],
"sources": [
{
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
}
]
},
"last_update_date": "2025-04-11T22:53:59.088000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "scada-products",
"trust": 0.8,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002235"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002235"
},
{
"db": "NVD",
"id": "CVE-2011-3496"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txthttp"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-04.pdf"
},
{
"trust": 1.9,
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
},
{
"trust": 1.6,
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"trust": 1.0,
"url": "http://securityreason.com/securityalert/8382"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3496"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3496"
},
{
"trust": 0.8,
"url": "http://osvdb.org/75571"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/49613"
},
{
"trust": 0.3,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
},
{
"trust": 0.3,
"url": "/archive/1/519637"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-263-01.pdf"
},
{
"trust": 0.3,
"url": "http://www.measuresoft.net/news/post/inaccurate-reports-of-measuresoft-scadapro-400-vulnerability.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002235"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-269"
},
{
"db": "NVD",
"id": "CVE-2011-3496"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002235"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-269"
},
{
"db": "NVD",
"id": "CVE-2011-3496"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-19T00:00:00",
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"date": "2011-09-13T00:00:00",
"db": "BID",
"id": "49613"
},
{
"date": "2011-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002235"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-269"
},
{
"date": "2011-09-16T17:26:14.747000",
"db": "NVD",
"id": "CVE-2011-3496"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"date": "2011-09-20T21:30:00",
"db": "BID",
"id": "49613"
},
{
"date": "2011-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002235"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-269"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-3496"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201109-269"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Measuresoft ScadaPro service.exe Input validation vulnerability",
"sources": [
{
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-269"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-269"
}
],
"trust": 0.8
}
}
VAR-201109-0169
Vulnerability from variot - Updated: 2025-04-11 22:53service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method. Measuresoft ScadaPro of service.exe Any DLL There is a vulnerability that is executed.By a third party XF Through any DLL There is a vulnerability that is executed. Service.exe has multiple boundary errors when processing messages, and sending a specially crafted command to TCP port 11234 can trigger a stack-based buffer overflow. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \"xF\" command can be used to call any function in any DLL, such as executing the application via the \"system()\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \"RF\" command to TCP port 11234 to get arbitrary file content. Exploiting these issues could allow remote attackers to perform unauthorized actions using directory traversal strings or to execute arbitrary code or commands within the context of the affected application. Failed attempts will likely cause denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201109-0169",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scadapro",
"scope": "eq",
"trust": 3.0,
"vendor": "easuresoft",
"version": "4.0.0.0"
},
{
"model": "scadapro",
"scope": "lte",
"trust": 1.8,
"vendor": "measuresoft",
"version": "4.0.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.11"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.10"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.13"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.15"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.12"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.9"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.6"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.14"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.8"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.7"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.2.9"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.6"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.6.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.8.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.9.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.1.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.2.8"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 0.3,
"vendor": "measuresoft",
"version": "4.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 0.3,
"vendor": "measuresoft",
"version": "0"
},
{
"model": "scadapro",
"scope": "ne",
"trust": 0.3,
"vendor": "measuresoft",
"version": "4.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.6.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.2.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.15"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002234"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-270"
},
{
"db": "NVD",
"id": "CVE-2011-3497"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:measuresoft:scadapro",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002234"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "49613"
}
],
"trust": 0.3
},
"cve": "CVE-2011-3497",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2011-3497",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-3497",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2011-3497",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201109-270",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002234"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-270"
},
{
"db": "NVD",
"id": "CVE-2011-3497"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method. Measuresoft ScadaPro of service.exe Any DLL There is a vulnerability that is executed.By a third party XF Through any DLL There is a vulnerability that is executed. Service.exe has multiple boundary errors when processing messages, and sending a specially crafted command to TCP port 11234 can trigger a stack-based buffer overflow. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \\\"xF\\\" command can be used to call any function in any DLL, such as executing the application via the \\\"system()\\\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \\\"RF\\\" command to TCP port 11234 to get arbitrary file content. \nExploiting these issues could allow remote attackers to perform unauthorized actions using directory traversal strings or to execute arbitrary code or commands within the context of the affected application. Failed attempts will likely cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3497"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002234"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
}
],
"trust": 4.77
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "49613",
"trust": 4.1
},
{
"db": "NVD",
"id": "CVE-2011-3497",
"trust": 2.9
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-256-04",
"trust": 2.4
},
{
"db": "SREASON",
"id": "8382",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201109-270",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "75490",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002234",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3670",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3674",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3676",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3675",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3673",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-11-263-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "A44E1B2E-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002234"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-270"
},
{
"db": "NVD",
"id": "CVE-2011-3497"
}
]
},
"id": "VAR-201109-0169",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
}
],
"trust": 4.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 3.2
}
],
"sources": [
{
"db": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
}
]
},
"last_update_date": "2025-04-11T22:53:59.035000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "scada-products",
"trust": 0.8,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002234"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002234"
},
{
"db": "NVD",
"id": "CVE-2011-3497"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txthttp"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-04.pdf"
},
{
"trust": 1.9,
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
},
{
"trust": 1.0,
"url": "http://securityreason.com/securityalert/8382"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3497"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3497"
},
{
"trust": 0.8,
"url": "http://osvdb.org/75490"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/49613"
},
{
"trust": 0.3,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
},
{
"trust": 0.3,
"url": "/archive/1/519637"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-263-01.pdf"
},
{
"trust": 0.3,
"url": "http://www.measuresoft.net/news/post/inaccurate-reports-of-measuresoft-scadapro-400-vulnerability.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002234"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-270"
},
{
"db": "NVD",
"id": "CVE-2011-3497"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002234"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-270"
},
{
"db": "NVD",
"id": "CVE-2011-3497"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-19T00:00:00",
"db": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"date": "2011-09-13T00:00:00",
"db": "BID",
"id": "49613"
},
{
"date": "2011-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002234"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-270"
},
{
"date": "2011-09-16T17:26:14.777000",
"db": "NVD",
"id": "CVE-2011-3497"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"date": "2011-09-20T21:30:00",
"db": "BID",
"id": "49613"
},
{
"date": "2011-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002234"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-270"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-3497"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201109-270"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Measuresoft ScadaPro service.exe Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-270"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201109-270"
}
],
"trust": 0.6
}
}
VAR-201109-0183
Vulnerability from variot - Updated: 2025-04-11 22:53Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \"xF\" command can be used to call any function in any DLL, such as executing the application via the \"system()\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \"RF\" command to TCP port 11234 to get arbitrary file content. Failed attempts will likely cause denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201109-0183",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scadapro",
"scope": "eq",
"trust": 4.0,
"vendor": "easuresoft",
"version": "4.0.0.0"
},
{
"model": "scadapro",
"scope": "lte",
"trust": 1.8,
"vendor": "measuresoft",
"version": "4.0.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.11"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.10"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.13"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.15"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.12"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.9"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.6"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.14"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.8"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.7"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.2.9"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.6"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.6.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.8.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.9.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.1.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.2.8"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 0.3,
"vendor": "measuresoft",
"version": "4.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 0.3,
"vendor": "measuresoft",
"version": "0"
},
{
"model": "scadapro",
"scope": "ne",
"trust": 0.3,
"vendor": "measuresoft",
"version": "4.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.6.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.2.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.15"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002240"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-263"
},
{
"db": "NVD",
"id": "CVE-2011-3490"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:measuresoft:scadapro",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002240"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "49613"
}
],
"trust": 0.3
},
"cve": "CVE-2011-3490",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2011-3490",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "a5093936-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-3490",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2011-3490",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201109-263",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002240"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-263"
},
{
"db": "NVD",
"id": "CVE-2011-3490"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \\\"xF\\\" command can be used to call any function in any DLL, such as executing the application via the \\\"system()\\\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \\\"RF\\\" command to TCP port 11234 to get arbitrary file content. Failed attempts will likely cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3490"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002240"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
}
],
"trust": 5.67
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "49613",
"trust": 4.1
},
{
"db": "NVD",
"id": "CVE-2011-3490",
"trust": 3.9
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-256-04",
"trust": 2.4
},
{
"db": "CNNVD",
"id": "CNNVD-201109-263",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "17848",
"trust": 1.6
},
{
"db": "SREASON",
"id": "8382",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2011-3673",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3676",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3675",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3674",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3670",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "75486",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002240",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-11-263-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "82F0DC66-1F88-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7DE8A7B2-1F88-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7F9967D6-1F88-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "815B94A4-1F88-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "A5093936-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "86F8B360-1F88-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002240"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-263"
},
{
"db": "NVD",
"id": "CVE-2011-3490"
}
]
},
"id": "VAR-201109-0183",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
}
],
"trust": 5.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 4.2
}
],
"sources": [
{
"db": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
}
]
},
"last_update_date": "2025-04-11T22:53:58.965000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "scada-products",
"trust": 0.8,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002240"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002240"
},
{
"db": "NVD",
"id": "CVE-2011-3490"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txthttp"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-04.pdf"
},
{
"trust": 1.9,
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
},
{
"trust": 1.6,
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"trust": 1.0,
"url": "http://securityreason.com/securityalert/8382"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3490"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3490"
},
{
"trust": 0.8,
"url": "http://osvdb.org/75486"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/49613"
},
{
"trust": 0.3,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
},
{
"trust": 0.3,
"url": "/archive/1/519637"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-263-01.pdf"
},
{
"trust": 0.3,
"url": "http://www.measuresoft.net/news/post/inaccurate-reports-of-measuresoft-scadapro-400-vulnerability.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002240"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-263"
},
{
"db": "NVD",
"id": "CVE-2011-3490"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002240"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-263"
},
{
"db": "NVD",
"id": "CVE-2011-3490"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-15T00:00:00",
"db": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-19T00:00:00",
"db": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"date": "2011-09-13T00:00:00",
"db": "BID",
"id": "49613"
},
{
"date": "2011-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002240"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-263"
},
{
"date": "2011-09-16T14:28:12.997000",
"db": "NVD",
"id": "CVE-2011-3490"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"date": "2011-09-20T21:30:00",
"db": "BID",
"id": "49613"
},
{
"date": "2011-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002240"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-263"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-3490"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201109-263"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Measuresoft ScadaPro Arbitrary function call vulnerability",
"sources": [
{
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-263"
}
],
"trust": 1.8
}
}
VAR-201109-0188
Vulnerability from variot - Updated: 2025-04-11 22:53Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command. Service.exe has multiple boundary errors when processing messages, and sending a specially crafted command to TCP port 11234 can trigger a stack-based buffer overflow. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \"xF\" command can be used to call any function in any DLL, such as executing the application via the \"system()\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \"RF\" command to TCP port 11234 to get arbitrary file content. Failed attempts will likely cause denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201109-0188",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scadapro",
"scope": "eq",
"trust": 3.0,
"vendor": "easuresoft",
"version": "4.0.0.0"
},
{
"model": "scadapro",
"scope": "lte",
"trust": 1.8,
"vendor": "measuresoft",
"version": "4.0.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.11"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.10"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.13"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.15"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.12"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.9"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.6"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.14"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.8"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.7"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.2.9"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.6"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.6.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.8.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.9.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.1.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.2.8"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 0.3,
"vendor": "measuresoft",
"version": "4.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 0.3,
"vendor": "measuresoft",
"version": "0"
},
{
"model": "scadapro",
"scope": "ne",
"trust": 0.3,
"vendor": "measuresoft",
"version": "4.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.6.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.2.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.15"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-268"
},
{
"db": "NVD",
"id": "CVE-2011-3495"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:measuresoft:scadapro",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "49613"
}
],
"trust": 0.3
},
"cve": "CVE-2011-3495",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2011-3495",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "a471ceca-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-3495",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2011-3495",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201109-268",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-268"
},
{
"db": "NVD",
"id": "CVE-2011-3495"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command. Service.exe has multiple boundary errors when processing messages, and sending a specially crafted command to TCP port 11234 can trigger a stack-based buffer overflow. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \\\"xF\\\" command can be used to call any function in any DLL, such as executing the application via the \\\"system()\\\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \\\"RF\\\" command to TCP port 11234 to get arbitrary file content. Failed attempts will likely cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3495"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d"
}
],
"trust": 4.77
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "49613",
"trust": 4.1
},
{
"db": "NVD",
"id": "CVE-2011-3495",
"trust": 2.9
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-256-04",
"trust": 2.4
},
{
"db": "SREASON",
"id": "8382",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201109-268",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "75487",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "75489",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "75488",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002233",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3670",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3674",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3676",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3675",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3673",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-11-263-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "A471CECA-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-268"
},
{
"db": "NVD",
"id": "CVE-2011-3495"
}
]
},
"id": "VAR-201109-0188",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
}
],
"trust": 4.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 3.2
}
],
"sources": [
{
"db": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
}
]
},
"last_update_date": "2025-04-11T22:53:58.912000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "scada-products",
"trust": 0.8,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
},
{
"db": "NVD",
"id": "CVE-2011-3495"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txthttp"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-04.pdf"
},
{
"trust": 1.9,
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
},
{
"trust": 1.0,
"url": "http://securityreason.com/securityalert/8382"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3495"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3495"
},
{
"trust": 0.8,
"url": "http://osvdb.org/75489"
},
{
"trust": 0.8,
"url": "http://osvdb.org/75487"
},
{
"trust": 0.8,
"url": "http://osvdb.org/75488"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/49613"
},
{
"trust": 0.3,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
},
{
"trust": 0.3,
"url": "/archive/1/519637"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-263-01.pdf"
},
{
"trust": 0.3,
"url": "http://www.measuresoft.net/news/post/inaccurate-reports-of-measuresoft-scadapro-400-vulnerability.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-268"
},
{
"db": "NVD",
"id": "CVE-2011-3495"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-268"
},
{
"db": "NVD",
"id": "CVE-2011-3495"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-19T00:00:00",
"db": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"date": "2011-09-13T00:00:00",
"db": "BID",
"id": "49613"
},
{
"date": "2011-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002233"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-268"
},
{
"date": "2011-09-16T17:26:14.683000",
"db": "NVD",
"id": "CVE-2011-3495"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"date": "2011-09-20T21:30:00",
"db": "BID",
"id": "49613"
},
{
"date": "2011-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002233"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-268"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-3495"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201109-268"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Measuresoft ScadaPro of service.exe Vulnerable to directory traversal",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-268"
}
],
"trust": 0.8
}
}
CVE-2024-3746 (GCVE-0-2024-3746)
Vulnerability from nvd – Published: 2024-04-30 19:45 – Updated: 2025-08-27 21:23| Vendor | Product | Version | |
|---|---|---|---|
| Measuresoft | ScadaPro |
Affected:
6.9.0.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-3746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T19:21:37.188099Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T21:23:00.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:01.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ScadaPro",
"vendor": "Measuresoft",
"versions": [
{
"status": "affected",
"version": "6.9.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sharon Brizinov of Claroty Team82 reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The entire parent directory - C:\\ScadaPro and its sub-directories and \nfiles are configured by default to allow user, including unprivileged \nusers, to write or overwrite files."
}
],
"value": "The entire parent directory - C:\\ScadaPro and its sub-directories and \nfiles are configured by default to allow user, including unprivileged \nusers, to write or overwrite files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-28T16:38:27.985Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-01"
}
],
"source": {
"advisory": "ICSA-24-107-01",
"discovery": "EXTERNAL"
},
"title": "Measuresoft ScadaPro Improper Access Control",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Measuresoft recommends that users manually reconfigure the vulnerable directories so that they are not writable by everyone.\n\n\u003cbr\u003e"
}
],
"value": "Measuresoft recommends that users manually reconfigure the vulnerable directories so that they are not writable by everyone."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-3746",
"datePublished": "2024-04-30T19:45:21.951Z",
"dateReserved": "2024-04-12T20:04:14.046Z",
"dateUpdated": "2025-08-27T21:23:00.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3263 (GCVE-0-2022-3263)
Vulnerability from nvd – Published: 2022-09-23 18:30 – Updated: 2025-04-16 17:47- CWE-284 - Improper Access Control
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Measuresoft | ScadaPro Server |
Affected:
6.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:05.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-265-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3263",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:27:10.852779Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:47:16.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ScadaPro Server",
"vendor": "Measuresoft",
"versions": [
{
"status": "affected",
"version": "6.7"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@rgod777, working with Trend Micro Zero Day Initiative, reported this vulnerability to CISA."
}
],
"datePublic": "2022-09-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-23T18:30:36.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-265-01"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Measuresoft ScadaPro Server Improper Access Control",
"workarounds": [
{
"lang": "en",
"value": "Measuresoft recommends the following steps to remove full access to the ORCHESTRATOR service:\n1. Open a command-line window (CMD) with \u0027run as administrator\u0027\n2. Use the following command to make the permission change to the ORCHESTRATOR service: sc sdset ORCHESTRATOR D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)\n3. As a low-level user, attempt to shut down the ORCHESTRATOR service: sc stop ORCHESTRATOR. User will be denied. It will no longer be possible to edit the configuration of the service by a low-level user."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-09-22T20:45:00.000Z",
"ID": "CVE-2022-3263",
"STATE": "PUBLIC",
"TITLE": "Measuresoft ScadaPro Server Improper Access Control"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ScadaPro Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.7"
}
]
}
}
]
},
"vendor_name": "Measuresoft"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@rgod777, working with Trend Micro Zero Day Initiative, reported this vulnerability to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-265-01",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-265-01"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Measuresoft recommends the following steps to remove full access to the ORCHESTRATOR service:\n1. Open a command-line window (CMD) with \u0027run as administrator\u0027\n2. Use the following command to make the permission change to the ORCHESTRATOR service: sc sdset ORCHESTRATOR D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)\n3. As a low-level user, attempt to shut down the ORCHESTRATOR service: sc stop ORCHESTRATOR. User will be denied. It will no longer be possible to edit the configuration of the service by a low-level user."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-3263",
"datePublished": "2022-09-23T18:30:36.700Z",
"dateReserved": "2022-09-21T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:47:16.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2898 (GCVE-0-2022-2898)
Vulnerability from nvd – Published: 2022-08-31 20:54 – Updated: 2025-04-16 16:10- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Measuresoft | ScadaPro Server and Client |
Affected:
All Versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2898",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:50:09.511855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:10:51.543Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ScadaPro Server and Client",
"vendor": "Measuresoft",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2022-08-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-31T20:54:55.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Measuresoft ScadaPro Server and Client Link Following",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-08-23T18:30:00.000Z",
"ID": "CVE-2022-2898",
"STATE": "PUBLIC",
"TITLE": "Measuresoft ScadaPro Server and Client Link Following"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ScadaPro Server and Client",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Versions"
}
]
}
}
]
},
"vendor_name": "Measuresoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2898",
"datePublished": "2022-08-31T20:54:55.611Z",
"dateReserved": "2022-08-18T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:10:51.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2897 (GCVE-0-2022-2897)
Vulnerability from nvd – Published: 2022-08-31 20:54 – Updated: 2025-04-16 17:48- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Measuresoft | ScadaPro Server and Client |
Affected:
All Versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:27:28.086217Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:48:20.720Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ScadaPro Server and Client",
"vendor": "Measuresoft",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2022-08-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation.."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-31T20:54:55.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Measuresoft ScadaPro Server and Client Link Following",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-08-23T18:30:00.000Z",
"ID": "CVE-2022-2897",
"STATE": "PUBLIC",
"TITLE": "Measuresoft ScadaPro Server and Client Link Following"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ScadaPro Server and Client",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Versions"
}
]
}
}
]
},
"vendor_name": "Measuresoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation.."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2897",
"datePublished": "2022-08-31T20:54:55.020Z",
"dateReserved": "2022-08-18T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:48:20.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2896 (GCVE-0-2022-2896)
Vulnerability from nvd – Published: 2022-08-31 20:54 – Updated: 2025-04-16 17:48- CWE-121 - Stack-based Buffer Overflow
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Measuresoft | ScadaPro Server |
Affected:
All Versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2896",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:27:22.611560Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:48:01.170Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ScadaPro Server",
"vendor": "Measuresoft",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2022-08-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-31T20:54:55.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Measuresoft ScadaPro Server Use After Free",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-08-23T18:30:00.000Z",
"ID": "CVE-2022-2896",
"STATE": "PUBLIC",
"TITLE": "Measuresoft ScadaPro Server Use After Free"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ScadaPro Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Versions"
}
]
}
}
]
},
"vendor_name": "Measuresoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2896",
"datePublished": "2022-08-31T20:54:55.401Z",
"dateReserved": "2022-08-18T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:48:01.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2895 (GCVE-0-2022-2895)
Vulnerability from nvd – Published: 2022-08-31 20:54 – Updated: 2025-04-16 17:48- CWE-121 - Stack-based Buffer Overflow
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Measuresoft | ScadaPro Server |
Affected:
All Versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2895",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:27:31.880992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:48:31.475Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ScadaPro Server",
"vendor": "Measuresoft",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2022-08-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-31T20:54:54.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Measuresoft ScadaPro Server Stack-based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-08-23T18:30:00.000Z",
"ID": "CVE-2022-2895",
"STATE": "PUBLIC",
"TITLE": "Measuresoft ScadaPro Server Stack-based Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ScadaPro Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Versions"
}
]
}
}
]
},
"vendor_name": "Measuresoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2895",
"datePublished": "2022-08-31T20:54:54.819Z",
"dateReserved": "2022-08-18T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:48:31.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2894 (GCVE-0-2022-2894)
Vulnerability from nvd – Published: 2022-08-31 20:54 – Updated: 2025-04-16 17:48- CWE-822 - Untrusted Pointer Dereference
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Measuresoft | ScadaPro Server |
Affected:
All Versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2894",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:27:25.266972Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:48:12.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ScadaPro Server",
"vendor": "Measuresoft",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2022-08-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer deference instances while processing a specific project file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "CWE-822 Untrusted Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-31T20:54:55.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Measuresoft ScadaPro Server Untrusted Pointer Dereference",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-08-23T18:30:00.000Z",
"ID": "CVE-2022-2894",
"STATE": "PUBLIC",
"TITLE": "Measuresoft ScadaPro Server Untrusted Pointer Dereference"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ScadaPro Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Versions"
}
]
}
}
]
},
"vendor_name": "Measuresoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer deference instances while processing a specific project file."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-822 Untrusted Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2894",
"datePublished": "2022-08-31T20:54:55.197Z",
"dateReserved": "2022-08-18T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:48:12.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2892 (GCVE-0-2022-2892)
Vulnerability from nvd – Published: 2022-08-31 20:54 – Updated: 2025-04-16 17:48- CWE-787 - Out-of-bounds Write
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Measuresoft | ScadaPro Server |
Affected:
All , < 6.8.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2892",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:27:34.723614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:48:40.246Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ScadaPro Server",
"vendor": "Measuresoft",
"versions": [
{
"lessThan": "6.8.0.1",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-31T20:54:54.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-05"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Measuresoft ScadaPro Server Out-of-bounds Write",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-08-23T18:30:00.000Z",
"ID": "CVE-2022-2892",
"STATE": "PUBLIC",
"TITLE": "Measuresoft ScadaPro Server Out-of-bounds Write"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ScadaPro Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "All",
"version_value": "6.8.0.1"
}
]
}
}
]
},
"vendor_name": "Measuresoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-05",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-05"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2892",
"datePublished": "2022-08-31T20:54:54.536Z",
"dateReserved": "2022-08-18T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:48:40.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1824 (GCVE-0-2012-1824)
Vulnerability from nvd – Published: 2012-05-25 19:00 – Updated: 2024-09-16 19:19- n/a
| URL | Tags |
|---|---|
| http://www.measuresoft.net/downloads/Measuresoft%… | x_refsource_MISC |
| http://www.us-cert.gov/control_systems/pdf/ICSA-1… | x_refsource_MISC |
| http://www.measuresoft.net/downloads/Measuresoft%… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:08:38.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.measuresoft.net/downloads/Measuresoft%20SCADA%204.4.6/issue_disks/Client/DOCUMENTATION/ReleaseNotes.doc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-01.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.measuresoft.net/downloads/Measuresoft%20SCADA%204.4.6/issue_disks/Server/DOCUMENTATION/ReleaseNotes.doc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-05-25T19:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.measuresoft.net/downloads/Measuresoft%20SCADA%204.4.6/issue_disks/Client/DOCUMENTATION/ReleaseNotes.doc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-01.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.measuresoft.net/downloads/Measuresoft%20SCADA%204.4.6/issue_disks/Server/DOCUMENTATION/ReleaseNotes.doc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-1824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.measuresoft.net/downloads/Measuresoft%20SCADA%204.4.6/issue_disks/Client/DOCUMENTATION/ReleaseNotes.doc",
"refsource": "MISC",
"url": "http://www.measuresoft.net/downloads/Measuresoft%20SCADA%204.4.6/issue_disks/Client/DOCUMENTATION/ReleaseNotes.doc"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-01.pdf"
},
{
"name": "http://www.measuresoft.net/downloads/Measuresoft%20SCADA%204.4.6/issue_disks/Server/DOCUMENTATION/ReleaseNotes.doc",
"refsource": "MISC",
"url": "http://www.measuresoft.net/downloads/Measuresoft%20SCADA%204.4.6/issue_disks/Server/DOCUMENTATION/ReleaseNotes.doc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-1824",
"datePublished": "2012-05-25T19:00:00.000Z",
"dateReserved": "2012-03-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:19:14.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3497 (GCVE-0-2011-3497)
Vulnerability from nvd – Published: 2011-09-16 17:00 – Updated: 2024-08-06 23:37- n/a
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/8382 | third-party-advisoryx_refsource_SREASON |
| http://www.us-cert.gov/control_systems/pdf/ICS-AL… | x_refsource_MISC |
| http://aluigi.altervista.org/adv/scadapro_1-adv.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8382",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3497",
"datePublished": "2011-09-16T17:00:00.000Z",
"dateReserved": "2011-09-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:37:47.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3496 (GCVE-0-2011-3496)
Vulnerability from nvd – Published: 2011-09-16 17:00 – Updated: 2024-08-06 23:37- n/a
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/8382 | third-party-advisoryx_refsource_SREASON |
| http://www.exploit-db.com/exploits/17848 | exploitx_refsource_EXPLOIT-DB |
| http://www.us-cert.gov/control_systems/pdf/ICS-AL… | x_refsource_MISC |
| http://aluigi.altervista.org/adv/scadapro_1-adv.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8382",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3496",
"datePublished": "2011-09-16T17:00:00.000Z",
"dateReserved": "2011-09-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:37:47.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3495 (GCVE-0-2011-3495)
Vulnerability from nvd – Published: 2011-09-16 17:00 – Updated: 2024-08-06 23:37- n/a
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/8382 | third-party-advisoryx_refsource_SREASON |
| http://www.us-cert.gov/control_systems/pdf/ICS-AL… | x_refsource_MISC |
| http://aluigi.altervista.org/adv/scadapro_1-adv.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.817Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8382",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3495",
"datePublished": "2011-09-16T17:00:00.000Z",
"dateReserved": "2011-09-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:37:47.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3490 (GCVE-0-2011-3490)
Vulnerability from nvd – Published: 2011-09-16 14:00 – Updated: 2024-08-06 23:37- n/a
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/8382 | third-party-advisoryx_refsource_SREASON |
| http://www.exploit-db.com/exploits/17848 | exploitx_refsource_EXPLOIT-DB |
| http://www.us-cert.gov/control_systems/pdf/ICS-AL… | x_refsource_MISC |
| http://aluigi.altervista.org/adv/scadapro_1-adv.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8382",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3490",
"datePublished": "2011-09-16T14:00:00.000Z",
"dateReserved": "2011-09-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:37:47.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3746 (GCVE-0-2024-3746)
Vulnerability from cvelistv5 – Published: 2024-04-30 19:45 – Updated: 2025-08-27 21:23| Vendor | Product | Version | |
|---|---|---|---|
| Measuresoft | ScadaPro |
Affected:
6.9.0.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-3746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T19:21:37.188099Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T21:23:00.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:01.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ScadaPro",
"vendor": "Measuresoft",
"versions": [
{
"status": "affected",
"version": "6.9.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sharon Brizinov of Claroty Team82 reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The entire parent directory - C:\\ScadaPro and its sub-directories and \nfiles are configured by default to allow user, including unprivileged \nusers, to write or overwrite files."
}
],
"value": "The entire parent directory - C:\\ScadaPro and its sub-directories and \nfiles are configured by default to allow user, including unprivileged \nusers, to write or overwrite files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-28T16:38:27.985Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-01"
}
],
"source": {
"advisory": "ICSA-24-107-01",
"discovery": "EXTERNAL"
},
"title": "Measuresoft ScadaPro Improper Access Control",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Measuresoft recommends that users manually reconfigure the vulnerable directories so that they are not writable by everyone.\n\n\u003cbr\u003e"
}
],
"value": "Measuresoft recommends that users manually reconfigure the vulnerable directories so that they are not writable by everyone."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-3746",
"datePublished": "2024-04-30T19:45:21.951Z",
"dateReserved": "2024-04-12T20:04:14.046Z",
"dateUpdated": "2025-08-27T21:23:00.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3263 (GCVE-0-2022-3263)
Vulnerability from cvelistv5 – Published: 2022-09-23 18:30 – Updated: 2025-04-16 17:47- CWE-284 - Improper Access Control
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Measuresoft | ScadaPro Server |
Affected:
6.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:05.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-265-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3263",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:27:10.852779Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:47:16.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ScadaPro Server",
"vendor": "Measuresoft",
"versions": [
{
"status": "affected",
"version": "6.7"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@rgod777, working with Trend Micro Zero Day Initiative, reported this vulnerability to CISA."
}
],
"datePublic": "2022-09-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-23T18:30:36.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-265-01"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Measuresoft ScadaPro Server Improper Access Control",
"workarounds": [
{
"lang": "en",
"value": "Measuresoft recommends the following steps to remove full access to the ORCHESTRATOR service:\n1. Open a command-line window (CMD) with \u0027run as administrator\u0027\n2. Use the following command to make the permission change to the ORCHESTRATOR service: sc sdset ORCHESTRATOR D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)\n3. As a low-level user, attempt to shut down the ORCHESTRATOR service: sc stop ORCHESTRATOR. User will be denied. It will no longer be possible to edit the configuration of the service by a low-level user."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-09-22T20:45:00.000Z",
"ID": "CVE-2022-3263",
"STATE": "PUBLIC",
"TITLE": "Measuresoft ScadaPro Server Improper Access Control"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ScadaPro Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.7"
}
]
}
}
]
},
"vendor_name": "Measuresoft"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "@rgod777, working with Trend Micro Zero Day Initiative, reported this vulnerability to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-265-01",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-265-01"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Measuresoft recommends the following steps to remove full access to the ORCHESTRATOR service:\n1. Open a command-line window (CMD) with \u0027run as administrator\u0027\n2. Use the following command to make the permission change to the ORCHESTRATOR service: sc sdset ORCHESTRATOR D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)\n3. As a low-level user, attempt to shut down the ORCHESTRATOR service: sc stop ORCHESTRATOR. User will be denied. It will no longer be possible to edit the configuration of the service by a low-level user."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-3263",
"datePublished": "2022-09-23T18:30:36.700Z",
"dateReserved": "2022-09-21T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:47:16.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2898 (GCVE-0-2022-2898)
Vulnerability from cvelistv5 – Published: 2022-08-31 20:54 – Updated: 2025-04-16 16:10- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Measuresoft | ScadaPro Server and Client |
Affected:
All Versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2898",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:50:09.511855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:10:51.543Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ScadaPro Server and Client",
"vendor": "Measuresoft",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2022-08-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-31T20:54:55.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Measuresoft ScadaPro Server and Client Link Following",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-08-23T18:30:00.000Z",
"ID": "CVE-2022-2898",
"STATE": "PUBLIC",
"TITLE": "Measuresoft ScadaPro Server and Client Link Following"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ScadaPro Server and Client",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Versions"
}
]
}
}
]
},
"vendor_name": "Measuresoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2898",
"datePublished": "2022-08-31T20:54:55.611Z",
"dateReserved": "2022-08-18T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:10:51.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2896 (GCVE-0-2022-2896)
Vulnerability from cvelistv5 – Published: 2022-08-31 20:54 – Updated: 2025-04-16 17:48- CWE-121 - Stack-based Buffer Overflow
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Measuresoft | ScadaPro Server |
Affected:
All Versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2896",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:27:22.611560Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:48:01.170Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ScadaPro Server",
"vendor": "Measuresoft",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2022-08-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-31T20:54:55.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Measuresoft ScadaPro Server Use After Free",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-08-23T18:30:00.000Z",
"ID": "CVE-2022-2896",
"STATE": "PUBLIC",
"TITLE": "Measuresoft ScadaPro Server Use After Free"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ScadaPro Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Versions"
}
]
}
}
]
},
"vendor_name": "Measuresoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2896",
"datePublished": "2022-08-31T20:54:55.401Z",
"dateReserved": "2022-08-18T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:48:01.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2894 (GCVE-0-2022-2894)
Vulnerability from cvelistv5 – Published: 2022-08-31 20:54 – Updated: 2025-04-16 17:48- CWE-822 - Untrusted Pointer Dereference
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Measuresoft | ScadaPro Server |
Affected:
All Versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2894",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:27:25.266972Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:48:12.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ScadaPro Server",
"vendor": "Measuresoft",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2022-08-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer deference instances while processing a specific project file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "CWE-822 Untrusted Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-31T20:54:55.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Measuresoft ScadaPro Server Untrusted Pointer Dereference",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-08-23T18:30:00.000Z",
"ID": "CVE-2022-2894",
"STATE": "PUBLIC",
"TITLE": "Measuresoft ScadaPro Server Untrusted Pointer Dereference"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ScadaPro Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Versions"
}
]
}
}
]
},
"vendor_name": "Measuresoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer deference instances while processing a specific project file."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-822 Untrusted Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2894",
"datePublished": "2022-08-31T20:54:55.197Z",
"dateReserved": "2022-08-18T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:48:12.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2897 (GCVE-0-2022-2897)
Vulnerability from cvelistv5 – Published: 2022-08-31 20:54 – Updated: 2025-04-16 17:48- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Measuresoft | ScadaPro Server and Client |
Affected:
All Versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:27:28.086217Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:48:20.720Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ScadaPro Server and Client",
"vendor": "Measuresoft",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2022-08-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation.."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-31T20:54:55.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Measuresoft ScadaPro Server and Client Link Following",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-08-23T18:30:00.000Z",
"ID": "CVE-2022-2897",
"STATE": "PUBLIC",
"TITLE": "Measuresoft ScadaPro Server and Client Link Following"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ScadaPro Server and Client",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Versions"
}
]
}
}
]
},
"vendor_name": "Measuresoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation.."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2897",
"datePublished": "2022-08-31T20:54:55.020Z",
"dateReserved": "2022-08-18T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:48:20.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2895 (GCVE-0-2022-2895)
Vulnerability from cvelistv5 – Published: 2022-08-31 20:54 – Updated: 2025-04-16 17:48- CWE-121 - Stack-based Buffer Overflow
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Measuresoft | ScadaPro Server |
Affected:
All Versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2895",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:27:31.880992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:48:31.475Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ScadaPro Server",
"vendor": "Measuresoft",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2022-08-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-31T20:54:54.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Measuresoft ScadaPro Server Stack-based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-08-23T18:30:00.000Z",
"ID": "CVE-2022-2895",
"STATE": "PUBLIC",
"TITLE": "Measuresoft ScadaPro Server Stack-based Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ScadaPro Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Versions"
}
]
}
}
]
},
"vendor_name": "Measuresoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2895",
"datePublished": "2022-08-31T20:54:54.819Z",
"dateReserved": "2022-08-18T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:48:31.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2892 (GCVE-0-2022-2892)
Vulnerability from cvelistv5 – Published: 2022-08-31 20:54 – Updated: 2025-04-16 17:48- CWE-787 - Out-of-bounds Write
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Measuresoft | ScadaPro Server |
Affected:
All , < 6.8.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2892",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:27:34.723614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:48:40.246Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ScadaPro Server",
"vendor": "Measuresoft",
"versions": [
{
"lessThan": "6.8.0.1",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-31T20:54:54.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-05"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Measuresoft ScadaPro Server Out-of-bounds Write",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-08-23T18:30:00.000Z",
"ID": "CVE-2022-2892",
"STATE": "PUBLIC",
"TITLE": "Measuresoft ScadaPro Server Out-of-bounds Write"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ScadaPro Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "All",
"version_value": "6.8.0.1"
}
]
}
}
]
},
"vendor_name": "Measuresoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-05",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-05"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2892",
"datePublished": "2022-08-31T20:54:54.536Z",
"dateReserved": "2022-08-18T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:48:40.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1824 (GCVE-0-2012-1824)
Vulnerability from cvelistv5 – Published: 2012-05-25 19:00 – Updated: 2024-09-16 19:19- n/a
| URL | Tags |
|---|---|
| http://www.measuresoft.net/downloads/Measuresoft%… | x_refsource_MISC |
| http://www.us-cert.gov/control_systems/pdf/ICSA-1… | x_refsource_MISC |
| http://www.measuresoft.net/downloads/Measuresoft%… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:08:38.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.measuresoft.net/downloads/Measuresoft%20SCADA%204.4.6/issue_disks/Client/DOCUMENTATION/ReleaseNotes.doc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-01.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.measuresoft.net/downloads/Measuresoft%20SCADA%204.4.6/issue_disks/Server/DOCUMENTATION/ReleaseNotes.doc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-05-25T19:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.measuresoft.net/downloads/Measuresoft%20SCADA%204.4.6/issue_disks/Client/DOCUMENTATION/ReleaseNotes.doc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-01.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.measuresoft.net/downloads/Measuresoft%20SCADA%204.4.6/issue_disks/Server/DOCUMENTATION/ReleaseNotes.doc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-1824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.measuresoft.net/downloads/Measuresoft%20SCADA%204.4.6/issue_disks/Client/DOCUMENTATION/ReleaseNotes.doc",
"refsource": "MISC",
"url": "http://www.measuresoft.net/downloads/Measuresoft%20SCADA%204.4.6/issue_disks/Client/DOCUMENTATION/ReleaseNotes.doc"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-01.pdf"
},
{
"name": "http://www.measuresoft.net/downloads/Measuresoft%20SCADA%204.4.6/issue_disks/Server/DOCUMENTATION/ReleaseNotes.doc",
"refsource": "MISC",
"url": "http://www.measuresoft.net/downloads/Measuresoft%20SCADA%204.4.6/issue_disks/Server/DOCUMENTATION/ReleaseNotes.doc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-1824",
"datePublished": "2012-05-25T19:00:00.000Z",
"dateReserved": "2012-03-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:19:14.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3496 (GCVE-0-2011-3496)
Vulnerability from cvelistv5 – Published: 2011-09-16 17:00 – Updated: 2024-08-06 23:37- n/a
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/8382 | third-party-advisoryx_refsource_SREASON |
| http://www.exploit-db.com/exploits/17848 | exploitx_refsource_EXPLOIT-DB |
| http://www.us-cert.gov/control_systems/pdf/ICS-AL… | x_refsource_MISC |
| http://aluigi.altervista.org/adv/scadapro_1-adv.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8382",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3496",
"datePublished": "2011-09-16T17:00:00.000Z",
"dateReserved": "2011-09-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:37:47.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3495 (GCVE-0-2011-3495)
Vulnerability from cvelistv5 – Published: 2011-09-16 17:00 – Updated: 2024-08-06 23:37- n/a
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/8382 | third-party-advisoryx_refsource_SREASON |
| http://www.us-cert.gov/control_systems/pdf/ICS-AL… | x_refsource_MISC |
| http://aluigi.altervista.org/adv/scadapro_1-adv.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.817Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8382",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3495",
"datePublished": "2011-09-16T17:00:00.000Z",
"dateReserved": "2011-09-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:37:47.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3497 (GCVE-0-2011-3497)
Vulnerability from cvelistv5 – Published: 2011-09-16 17:00 – Updated: 2024-08-06 23:37- n/a
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/8382 | third-party-advisoryx_refsource_SREASON |
| http://www.us-cert.gov/control_systems/pdf/ICS-AL… | x_refsource_MISC |
| http://aluigi.altervista.org/adv/scadapro_1-adv.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8382",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3497",
"datePublished": "2011-09-16T17:00:00.000Z",
"dateReserved": "2011-09-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:37:47.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}