Scadapro
by Measuresoft
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-3497 | 0.08 | — | 0.59 | Sep 16, 2011 | service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method. | |||
| CVE-2011-3490 | 0.06 | — | 0.36 | Sep 16, 2011 | Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command. | |||
| CVE-2011-3496 | 0.04 | — | 0.14 | Sep 16, 2011 | service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command. | |||
| CVE-2011-3495 | 0.04 | — | 0.11 | Sep 16, 2011 | Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command. | |||
| CVE-2024-3746 | 0.00 | — | 0.00 | Apr 30, 2024 | The entire parent directory - C:\ScadaPro and its sub-directories and files are configured by default to allow user, including unprivileged users, to write or overwrite files. | |||
| CVE-2022-3263 | 0.00 | — | 0.00 | Sep 23, 2022 | The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges. | |||
| CVE-2022-2898 | 0.00 | — | 0.00 | Aug 31, 2022 | Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition. | |||
| CVE-2022-2896 | 0.00 | — | 0.00 | Aug 31, 2022 | Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file. | |||
| CVE-2022-2894 | 0.00 | — | 0.00 | Aug 31, 2022 | Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer deference instances while processing a specific project file. | |||
| CVE-2022-2897 | 0.00 | — | 0.00 | Aug 31, 2022 | Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation.. | |||
| CVE-2022-2895 | 0.00 | — | 0.00 | Aug 31, 2022 | Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file. | |||
| CVE-2022-2892 | 0.00 | — | 0.00 | Aug 31, 2022 | Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file. | |||
| CVE-2012-1824 | 0.00 | — | 0.00 | May 25, 2012 | Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory. |
- CVE-2011-3497Sep 16, 2011risk 0.08cvss —epss 0.59
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method.
- CVE-2011-3490Sep 16, 2011risk 0.06cvss —epss 0.36
Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command.
- CVE-2011-3496Sep 16, 2011risk 0.04cvss —epss 0.14
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.
- CVE-2011-3495Sep 16, 2011risk 0.04cvss —epss 0.11
Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command.
- CVE-2024-3746Apr 30, 2024risk 0.00cvss —epss 0.00
The entire parent directory - C:\ScadaPro and its sub-directories and files are configured by default to allow user, including unprivileged users, to write or overwrite files.
- CVE-2022-3263Sep 23, 2022risk 0.00cvss —epss 0.00
The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges.
- CVE-2022-2898Aug 31, 2022risk 0.00cvss —epss 0.00
Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition.
- CVE-2022-2896Aug 31, 2022risk 0.00cvss —epss 0.00
Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file.
- CVE-2022-2894Aug 31, 2022risk 0.00cvss —epss 0.00
Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer deference instances while processing a specific project file.
- CVE-2022-2897Aug 31, 2022risk 0.00cvss —epss 0.00
Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation..
- CVE-2022-2895Aug 31, 2022risk 0.00cvss —epss 0.00
Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file.
- CVE-2022-2892Aug 31, 2022risk 0.00cvss —epss 0.00
Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file.
- CVE-2012-1824May 25, 2012risk 0.00cvss —epss 0.00
Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory.