Search criteria
19 vulnerabilities found for ScadaPro by Measuresoft
CVE-2024-3746 (GCVE-0-2024-3746)
Vulnerability from cvelistv5 ā Published: 2024-04-30 19:45 ā Updated: 2025-08-27 21:23
VLAI?
Summary
The entire parent directory - C:\ScadaPro and its sub-directories and
files are configured by default to allow user, including unprivileged
users, to write or overwrite files.
Severity ?
5.5 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Measuresoft | ScadaPro |
Affected:
6.9.0.0
|
Credits
Sharon Brizinov of Claroty Team82 reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-3746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T19:21:37.188099Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T21:23:00.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:01.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ScadaPro",
"vendor": "Measuresoft",
"versions": [
{
"status": "affected",
"version": "6.9.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sharon Brizinov of Claroty Team82 reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The entire parent directory - C:\\ScadaPro and its sub-directories and \nfiles are configured by default to allow user, including unprivileged \nusers, to write or overwrite files."
}
],
"value": "The entire parent directory - C:\\ScadaPro and its sub-directories and \nfiles are configured by default to allow user, including unprivileged \nusers, to write or overwrite files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-28T16:38:27.985Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-01"
}
],
"source": {
"advisory": "ICSA-24-107-01",
"discovery": "EXTERNAL"
},
"title": "Measuresoft ScadaPro Improper Access Control",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Measuresoft recommends that users manually reconfigure the vulnerable directories so that they are not writable by everyone.\n\n\u003cbr\u003e"
}
],
"value": "Measuresoft recommends that users manually reconfigure the vulnerable directories so that they are not writable by everyone."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-3746",
"datePublished": "2024-04-30T19:45:21.951Z",
"dateReserved": "2024-04-12T20:04:14.046Z",
"dateUpdated": "2025-08-27T21:23:00.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3495 (GCVE-0-2011-3495)
Vulnerability from cvelistv5 ā Published: 2011-09-16 17:00 ā Updated: 2024-08-06 23:37
VLAI?
Summary
Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.817Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8382",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3495",
"datePublished": "2011-09-16T17:00:00",
"dateReserved": "2011-09-16T00:00:00",
"dateUpdated": "2024-08-06T23:37:47.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3497 (GCVE-0-2011-3497)
Vulnerability from cvelistv5 ā Published: 2011-09-16 17:00 ā Updated: 2024-08-06 23:37
VLAI?
Summary
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8382",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3497",
"datePublished": "2011-09-16T17:00:00",
"dateReserved": "2011-09-16T00:00:00",
"dateUpdated": "2024-08-06T23:37:47.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3496 (GCVE-0-2011-3496)
Vulnerability from cvelistv5 ā Published: 2011-09-16 17:00 ā Updated: 2024-08-06 23:37
VLAI?
Summary
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8382",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3496",
"datePublished": "2011-09-16T17:00:00",
"dateReserved": "2011-09-16T00:00:00",
"dateUpdated": "2024-08-06T23:37:47.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3490 (GCVE-0-2011-3490)
Vulnerability from cvelistv5 ā Published: 2011-09-16 14:00 ā Updated: 2024-08-06 23:37
VLAI?
Summary
Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8382",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3490",
"datePublished": "2011-09-16T14:00:00",
"dateReserved": "2011-09-16T00:00:00",
"dateUpdated": "2024-08-06T23:37:47.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3746 (GCVE-0-2024-3746)
Vulnerability from nvd ā Published: 2024-04-30 19:45 ā Updated: 2025-08-27 21:23
VLAI?
Summary
The entire parent directory - C:\ScadaPro and its sub-directories and
files are configured by default to allow user, including unprivileged
users, to write or overwrite files.
Severity ?
5.5 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Measuresoft | ScadaPro |
Affected:
6.9.0.0
|
Credits
Sharon Brizinov of Claroty Team82 reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-3746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T19:21:37.188099Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T21:23:00.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:01.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ScadaPro",
"vendor": "Measuresoft",
"versions": [
{
"status": "affected",
"version": "6.9.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sharon Brizinov of Claroty Team82 reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The entire parent directory - C:\\ScadaPro and its sub-directories and \nfiles are configured by default to allow user, including unprivileged \nusers, to write or overwrite files."
}
],
"value": "The entire parent directory - C:\\ScadaPro and its sub-directories and \nfiles are configured by default to allow user, including unprivileged \nusers, to write or overwrite files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-28T16:38:27.985Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-01"
}
],
"source": {
"advisory": "ICSA-24-107-01",
"discovery": "EXTERNAL"
},
"title": "Measuresoft ScadaPro Improper Access Control",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Measuresoft recommends that users manually reconfigure the vulnerable directories so that they are not writable by everyone.\n\n\u003cbr\u003e"
}
],
"value": "Measuresoft recommends that users manually reconfigure the vulnerable directories so that they are not writable by everyone."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-3746",
"datePublished": "2024-04-30T19:45:21.951Z",
"dateReserved": "2024-04-12T20:04:14.046Z",
"dateUpdated": "2025-08-27T21:23:00.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3495 (GCVE-0-2011-3495)
Vulnerability from nvd ā Published: 2011-09-16 17:00 ā Updated: 2024-08-06 23:37
VLAI?
Summary
Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.817Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8382",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3495",
"datePublished": "2011-09-16T17:00:00",
"dateReserved": "2011-09-16T00:00:00",
"dateUpdated": "2024-08-06T23:37:47.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3497 (GCVE-0-2011-3497)
Vulnerability from nvd ā Published: 2011-09-16 17:00 ā Updated: 2024-08-06 23:37
VLAI?
Summary
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8382",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3497",
"datePublished": "2011-09-16T17:00:00",
"dateReserved": "2011-09-16T00:00:00",
"dateUpdated": "2024-08-06T23:37:47.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3496 (GCVE-0-2011-3496)
Vulnerability from nvd ā Published: 2011-09-16 17:00 ā Updated: 2024-08-06 23:37
VLAI?
Summary
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8382",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3496",
"datePublished": "2011-09-16T17:00:00",
"dateReserved": "2011-09-16T00:00:00",
"dateUpdated": "2024-08-06T23:37:47.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3490 (GCVE-0-2011-3490)
Vulnerability from nvd ā Published: 2011-09-16 14:00 ā Updated: 2024-08-06 23:37
VLAI?
Summary
Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8382",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8382"
},
{
"name": "17848",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3490",
"datePublished": "2011-09-16T14:00:00",
"dateReserved": "2011-09-16T00:00:00",
"dateUpdated": "2024-08-06T23:37:47.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201205-0302
Vulnerability from variot - Updated: 2023-12-18 13:04Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory. DLL It may be possible to get permission through the file. Measuresoft ScadaPro is a SCADA system for power, oil and gas, pharmaceutical and other companies. Measuresoft ScadaPro uses a fixed or controllable search path to discover resources, allowing unauthorized attackers to build malicious DLL files and loading malicious files before legitimate DLLs, which can cause arbitrary code to be executed in the context of the application. Measuresoft ScadaPro is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201205-0302",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scadapro client",
"scope": "lte",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.1"
},
{
"model": "scadapro server",
"scope": "lte",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 0.9,
"vendor": "measuresoft",
"version": "4.0"
},
{
"model": "scadapro client",
"scope": "lt",
"trust": 0.8,
"vendor": "measuresoft",
"version": "4.0.0"
},
{
"model": "scadapro server",
"scope": "lt",
"trust": 0.8,
"vendor": "measuresoft",
"version": "4.0.0"
},
{
"model": "scadapro server",
"scope": "eq",
"trust": 0.6,
"vendor": "measuresoft",
"version": "3.3.1"
},
{
"model": "scadapro client",
"scope": "eq",
"trust": 0.6,
"vendor": "measuresoft",
"version": "3.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro client",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2775"
},
{
"db": "BID",
"id": "53681"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
},
{
"db": "NVD",
"id": "CVE-2012-1824"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-464"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.3.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro_client:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.3.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1824"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Carlos Mario Penagos Hollmann",
"sources": [
{
"db": "BID",
"id": "53681"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-464"
}
],
"trust": 0.9
},
"cve": "CVE-2012-1824",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2012-1824",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-1824",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201205-464",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
},
{
"db": "NVD",
"id": "CVE-2012-1824"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-464"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory. DLL It may be possible to get permission through the file. Measuresoft ScadaPro is a SCADA system for power, oil and gas, pharmaceutical and other companies. Measuresoft ScadaPro uses a fixed or controllable search path to discover resources, allowing unauthorized attackers to build malicious DLL files and loading malicious files before legitimate DLLs, which can cause arbitrary code to be executed in the context of the application. Measuresoft ScadaPro is prone to a vulnerability that lets attackers execute arbitrary code. \nAn attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1824"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
},
{
"db": "CNVD",
"id": "CNVD-2012-2775"
},
{
"db": "BID",
"id": "53681"
},
{
"db": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1824",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-12-145-01",
"trust": 3.3
},
{
"db": "BID",
"id": "53681",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-2775",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201205-464",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002564",
"trust": 0.8
},
{
"db": "IVD",
"id": "CEFAA91A-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2775"
},
{
"db": "BID",
"id": "53681"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
},
{
"db": "NVD",
"id": "CVE-2012-1824"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-464"
}
]
},
"id": "VAR-201205-0302",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2775"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2775"
}
]
},
"last_update_date": "2023-12-18T13:04:22.967000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "scada-products",
"trust": 0.8,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
},
{
"title": "Measuresoft ScadaPro DLL loads patches for arbitrary code execution vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/17351"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-2775"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
},
{
"db": "NVD",
"id": "CVE-2012-1824"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-145-01.pdf"
},
{
"trust": 1.6,
"url": "http://www.measuresoft.net/downloads/measuresoft%20scada%204.4.6/issue_disks/client/documentation/releasenotes.doc"
},
{
"trust": 1.6,
"url": "http://www.measuresoft.net/downloads/measuresoft%20scada%204.4.6/issue_disks/server/documentation/releasenotes.doc"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1824"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1824"
},
{
"trust": 0.6,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-145-01.pdfhttp"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/53681"
},
{
"trust": 0.3,
"url": "http://blog.rapid7.com/?p=5325"
},
{
"trust": 0.3,
"url": "http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html"
},
{
"trust": 0.3,
"url": "http://blogs.technet.com/b/msrc/archive/2010/08/21/microsoft-security-advisory-2269637-released.aspx"
},
{
"trust": 0.3,
"url": "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx"
},
{
"trust": 0.3,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/security/advisory/2269637.mspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-2775"
},
{
"db": "BID",
"id": "53681"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
},
{
"db": "NVD",
"id": "CVE-2012-1824"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-464"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-2775"
},
{
"db": "BID",
"id": "53681"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
},
{
"db": "NVD",
"id": "CVE-2012-1824"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-464"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-05-28T00:00:00",
"db": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-2775"
},
{
"date": "2012-05-24T00:00:00",
"db": "BID",
"id": "53681"
},
{
"date": "2012-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002564"
},
{
"date": "2012-05-25T19:55:01.493000",
"db": "NVD",
"id": "CVE-2012-1824"
},
{
"date": "2012-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-464"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-2775"
},
{
"date": "2012-05-24T00:00:00",
"db": "BID",
"id": "53681"
},
{
"date": "2012-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002564"
},
{
"date": "2012-05-28T04:00:00",
"db": "NVD",
"id": "CVE-2012-1824"
},
{
"date": "2012-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-464"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201205-464"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Measuresoft ScadaPro Client and ScadaPro Server Vulnerability gained in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002564"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-464"
}
],
"trust": 0.8
}
}
VAR-201109-0169
Vulnerability from variot - Updated: 2023-12-18 12:58service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method. Measuresoft ScadaPro of service.exe Any DLL There is a vulnerability that is executed.By a third party XF Through any DLL There is a vulnerability that is executed. Service.exe has multiple boundary errors when processing messages, and sending a specially crafted command to TCP port 11234 can trigger a stack-based buffer overflow. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \"xF\" command can be used to call any function in any DLL, such as executing the application via the \"system()\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \"RF\" command to TCP port 11234 to get arbitrary file content. Exploiting these issues could allow remote attackers to perform unauthorized actions using directory traversal strings or to execute arbitrary code or commands within the context of the affected application. Failed attempts will likely cause denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201109-0169",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scadapro",
"scope": "eq",
"trust": 3.0,
"vendor": "easuresoft",
"version": "4.0.0.0"
},
{
"model": "scadapro",
"scope": "lte",
"trust": 1.8,
"vendor": "measuresoft",
"version": "4.0.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.15"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.13"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.8"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.7"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.10"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.14"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.9"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.6"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.11"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.12"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.1.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.2.9"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.8.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.2.8"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.9.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.6"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.6.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 0.3,
"vendor": "measuresoft",
"version": "4.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 0.3,
"vendor": "measuresoft",
"version": "0"
},
{
"model": "scadapro",
"scope": "ne",
"trust": 0.3,
"vendor": "measuresoft",
"version": "4.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.6.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.2.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.15"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002234"
},
{
"db": "NVD",
"id": "CVE-2011-3497"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-270"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.2.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3497"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "49613"
}
],
"trust": 0.3
},
"cve": "CVE-2011-3497",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-3497",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-3497",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201109-270",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002234"
},
{
"db": "NVD",
"id": "CVE-2011-3497"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-270"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method. Measuresoft ScadaPro of service.exe Any DLL There is a vulnerability that is executed.By a third party XF Through any DLL There is a vulnerability that is executed. Service.exe has multiple boundary errors when processing messages, and sending a specially crafted command to TCP port 11234 can trigger a stack-based buffer overflow. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \\\"xF\\\" command can be used to call any function in any DLL, such as executing the application via the \\\"system()\\\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \\\"RF\\\" command to TCP port 11234 to get arbitrary file content. \nExploiting these issues could allow remote attackers to perform unauthorized actions using directory traversal strings or to execute arbitrary code or commands within the context of the affected application. Failed attempts will likely cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3497"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002234"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
}
],
"trust": 4.77
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "49613",
"trust": 4.1
},
{
"db": "NVD",
"id": "CVE-2011-3497",
"trust": 2.9
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-256-04",
"trust": 2.4
},
{
"db": "SREASON",
"id": "8382",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201109-270",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "75490",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002234",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3670",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3674",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3676",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3675",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3673",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-11-263-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "A44E1B2E-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002234"
},
{
"db": "NVD",
"id": "CVE-2011-3497"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-270"
}
]
},
"id": "VAR-201109-0169",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
}
],
"trust": 4.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 3.2
}
],
"sources": [
{
"db": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
}
]
},
"last_update_date": "2023-12-18T12:58:23.404000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "scada-products",
"trust": 0.8,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002234"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002234"
},
{
"db": "NVD",
"id": "CVE-2011-3497"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txthttp"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-04.pdf"
},
{
"trust": 1.9,
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
},
{
"trust": 1.0,
"url": "http://securityreason.com/securityalert/8382"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3497"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3497"
},
{
"trust": 0.8,
"url": "http://osvdb.org/75490"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/49613"
},
{
"trust": 0.3,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
},
{
"trust": 0.3,
"url": "/archive/1/519637"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-263-01.pdf"
},
{
"trust": 0.3,
"url": "http://www.measuresoft.net/news/post/inaccurate-reports-of-measuresoft-scadapro-400-vulnerability.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002234"
},
{
"db": "NVD",
"id": "CVE-2011-3497"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-270"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002234"
},
{
"db": "NVD",
"id": "CVE-2011-3497"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-270"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-19T00:00:00",
"db": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"date": "2011-09-13T00:00:00",
"db": "BID",
"id": "49613"
},
{
"date": "2011-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002234"
},
{
"date": "2011-09-16T17:26:14.777000",
"db": "NVD",
"id": "CVE-2011-3497"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-270"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"date": "2011-09-20T21:30:00",
"db": "BID",
"id": "49613"
},
{
"date": "2011-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002234"
},
{
"date": "2012-02-14T04:08:47.617000",
"db": "NVD",
"id": "CVE-2011-3497"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-270"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201109-270"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Measuresoft ScadaPro service.exe Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-270"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201109-270"
}
],
"trust": 0.6
}
}
VAR-201109-0188
Vulnerability from variot - Updated: 2023-12-18 12:58Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command. Service.exe has multiple boundary errors when processing messages, and sending a specially crafted command to TCP port 11234 can trigger a stack-based buffer overflow. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \"xF\" command can be used to call any function in any DLL, such as executing the application via the \"system()\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \"RF\" command to TCP port 11234 to get arbitrary file content. Failed attempts will likely cause denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201109-0188",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scadapro",
"scope": "eq",
"trust": 3.0,
"vendor": "easuresoft",
"version": "4.0.0.0"
},
{
"model": "scadapro",
"scope": "lte",
"trust": 1.8,
"vendor": "measuresoft",
"version": "4.0.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.15"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.13"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.8"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.7"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.10"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.14"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.9"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.6"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.11"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.12"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.1.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.2.9"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.8.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.2.8"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.9.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.6"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.6.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 0.3,
"vendor": "measuresoft",
"version": "4.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 0.3,
"vendor": "measuresoft",
"version": "0"
},
{
"model": "scadapro",
"scope": "ne",
"trust": 0.3,
"vendor": "measuresoft",
"version": "4.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.6.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.2.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.15"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
},
{
"db": "NVD",
"id": "CVE-2011-3495"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-268"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.2.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3495"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "49613"
}
],
"trust": 0.3
},
"cve": "CVE-2011-3495",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-3495",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "a471ceca-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-3495",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201109-268",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
},
{
"db": "NVD",
"id": "CVE-2011-3495"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-268"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command. Service.exe has multiple boundary errors when processing messages, and sending a specially crafted command to TCP port 11234 can trigger a stack-based buffer overflow. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \\\"xF\\\" command can be used to call any function in any DLL, such as executing the application via the \\\"system()\\\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \\\"RF\\\" command to TCP port 11234 to get arbitrary file content. Failed attempts will likely cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3495"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d"
}
],
"trust": 4.77
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "49613",
"trust": 4.1
},
{
"db": "NVD",
"id": "CVE-2011-3495",
"trust": 2.9
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-256-04",
"trust": 2.4
},
{
"db": "SREASON",
"id": "8382",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201109-268",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "75487",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "75489",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "75488",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002233",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3670",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3674",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3676",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3675",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3673",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-11-263-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "A471CECA-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
},
{
"db": "NVD",
"id": "CVE-2011-3495"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-268"
}
]
},
"id": "VAR-201109-0188",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
}
],
"trust": 4.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 3.2
}
],
"sources": [
{
"db": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
}
]
},
"last_update_date": "2023-12-18T12:58:23.285000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "scada-products",
"trust": 0.8,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
},
{
"db": "NVD",
"id": "CVE-2011-3495"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txthttp"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-04.pdf"
},
{
"trust": 1.9,
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
},
{
"trust": 1.0,
"url": "http://securityreason.com/securityalert/8382"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3495"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3495"
},
{
"trust": 0.8,
"url": "http://osvdb.org/75489"
},
{
"trust": 0.8,
"url": "http://osvdb.org/75487"
},
{
"trust": 0.8,
"url": "http://osvdb.org/75488"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/49613"
},
{
"trust": 0.3,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
},
{
"trust": 0.3,
"url": "/archive/1/519637"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-263-01.pdf"
},
{
"trust": 0.3,
"url": "http://www.measuresoft.net/news/post/inaccurate-reports-of-measuresoft-scadapro-400-vulnerability.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
},
{
"db": "NVD",
"id": "CVE-2011-3495"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-268"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
},
{
"db": "NVD",
"id": "CVE-2011-3495"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-268"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-19T00:00:00",
"db": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"date": "2011-09-13T00:00:00",
"db": "BID",
"id": "49613"
},
{
"date": "2011-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002233"
},
{
"date": "2011-09-16T17:26:14.683000",
"db": "NVD",
"id": "CVE-2011-3495"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-268"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"date": "2011-09-20T21:30:00",
"db": "BID",
"id": "49613"
},
{
"date": "2011-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002233"
},
{
"date": "2012-02-14T04:08:47.290000",
"db": "NVD",
"id": "CVE-2011-3495"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-268"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201109-268"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Measuresoft ScadaPro of service.exe Vulnerable to directory traversal",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002233"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "a471ceca-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-268"
}
],
"trust": 0.8
}
}
VAR-201109-0168
Vulnerability from variot - Updated: 2023-12-18 12:58service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command. Service.exe has multiple boundary errors when processing messages, and sending a specially crafted command to TCP port 11234 can trigger a stack-based buffer overflow. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \"xF\" command can be used to call any function in any DLL, such as executing the application via the \"system()\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \"RF\" command to TCP port 11234 to get arbitrary file content. Exploiting these issues could allow remote attackers to perform unauthorized actions using directory traversal strings or to execute arbitrary code or commands within the context of the affected application. Failed attempts will likely cause denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201109-0168",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scadapro",
"scope": "eq",
"trust": 3.0,
"vendor": "easuresoft",
"version": "4.0.0.0"
},
{
"model": "scadapro",
"scope": "lte",
"trust": 1.8,
"vendor": "measuresoft",
"version": "4.0.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.15"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.13"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.8"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.7"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.10"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.14"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.9"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.6"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.11"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.12"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.1.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.2.9"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.8.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.2.8"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.9.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.6"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.6.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 0.3,
"vendor": "measuresoft",
"version": "4.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 0.3,
"vendor": "measuresoft",
"version": "0"
},
{
"model": "scadapro",
"scope": "ne",
"trust": 0.3,
"vendor": "measuresoft",
"version": "4.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.6.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.2.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.15"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002235"
},
{
"db": "NVD",
"id": "CVE-2011-3496"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-269"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.2.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3496"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "49613"
}
],
"trust": 0.3
},
"cve": "CVE-2011-3496",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-3496",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-3496",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201109-269",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002235"
},
{
"db": "NVD",
"id": "CVE-2011-3496"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-269"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command. Service.exe has multiple boundary errors when processing messages, and sending a specially crafted command to TCP port 11234 can trigger a stack-based buffer overflow. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \\\"xF\\\" command can be used to call any function in any DLL, such as executing the application via the \\\"system()\\\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \\\"RF\\\" command to TCP port 11234 to get arbitrary file content. \nExploiting these issues could allow remote attackers to perform unauthorized actions using directory traversal strings or to execute arbitrary code or commands within the context of the affected application. Failed attempts will likely cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3496"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002235"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
}
],
"trust": 4.77
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "49613",
"trust": 4.1
},
{
"db": "NVD",
"id": "CVE-2011-3496",
"trust": 2.9
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-256-04",
"trust": 2.4
},
{
"db": "EXPLOIT-DB",
"id": "17848",
"trust": 1.6
},
{
"db": "SREASON",
"id": "8382",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201109-269",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "75571",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002235",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3670",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3674",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3676",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3675",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-3673",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-11-263-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "A45C75F2-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002235"
},
{
"db": "NVD",
"id": "CVE-2011-3496"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-269"
}
]
},
"id": "VAR-201109-0168",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
}
],
"trust": 4.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 3.2
}
],
"sources": [
{
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
}
]
},
"last_update_date": "2023-12-18T12:58:23.455000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "scada-products",
"trust": 0.8,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002235"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002235"
},
{
"db": "NVD",
"id": "CVE-2011-3496"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txthttp"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-04.pdf"
},
{
"trust": 1.9,
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
},
{
"trust": 1.6,
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"trust": 1.0,
"url": "http://securityreason.com/securityalert/8382"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3496"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3496"
},
{
"trust": 0.8,
"url": "http://osvdb.org/75571"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/49613"
},
{
"trust": 0.3,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
},
{
"trust": 0.3,
"url": "/archive/1/519637"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-263-01.pdf"
},
{
"trust": 0.3,
"url": "http://www.measuresoft.net/news/post/inaccurate-reports-of-measuresoft-scadapro-400-vulnerability.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002235"
},
{
"db": "NVD",
"id": "CVE-2011-3496"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-269"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002235"
},
{
"db": "NVD",
"id": "CVE-2011-3496"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-269"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-19T00:00:00",
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"date": "2011-09-13T00:00:00",
"db": "BID",
"id": "49613"
},
{
"date": "2011-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002235"
},
{
"date": "2011-09-16T17:26:14.747000",
"db": "NVD",
"id": "CVE-2011-3496"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-269"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"date": "2011-09-20T21:30:00",
"db": "BID",
"id": "49613"
},
{
"date": "2011-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002235"
},
{
"date": "2012-02-14T04:08:47.447000",
"db": "NVD",
"id": "CVE-2011-3496"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-269"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201109-269"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Measuresoft ScadaPro service.exe Input validation vulnerability",
"sources": [
{
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-269"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-269"
}
],
"trust": 0.8
}
}
VAR-201109-0183
Vulnerability from variot - Updated: 2023-12-18 12:58Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \"xF\" command can be used to call any function in any DLL, such as executing the application via the \"system()\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \"RF\" command to TCP port 11234 to get arbitrary file content. Failed attempts will likely cause denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201109-0183",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scadapro",
"scope": "eq",
"trust": 4.0,
"vendor": "easuresoft",
"version": "4.0.0.0"
},
{
"model": "scadapro",
"scope": "lte",
"trust": 1.8,
"vendor": "measuresoft",
"version": "4.0.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.15"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.13"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.8"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.7"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.10"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.14"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.9"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.6"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.11"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.6,
"vendor": "measuresoft",
"version": "3.9.12"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.1.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.2.9"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.8.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.2.8"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.4"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.9.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.6"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.4.5"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.3.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.5.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.6.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.7.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.3"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "2.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.1"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 1.0,
"vendor": "measuresoft",
"version": "3.9.2"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 0.3,
"vendor": "measuresoft",
"version": "4.0"
},
{
"model": "scadapro",
"scope": "eq",
"trust": 0.3,
"vendor": "measuresoft",
"version": "0"
},
{
"model": "scadapro",
"scope": "ne",
"trust": 0.3,
"vendor": "measuresoft",
"version": "4.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.4.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.5.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.6.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "2.9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.2.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "3.9.15"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scadapro",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002240"
},
{
"db": "NVD",
"id": "CVE-2011-3490"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-263"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.2.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:2.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:measuresoft:scadapro:3.9.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3490"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "49613"
}
],
"trust": 0.3
},
"cve": "CVE-2011-3490",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-3490",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "a5093936-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-3490",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201109-263",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002240"
},
{
"db": "NVD",
"id": "CVE-2011-3490"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-263"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \\\"xF\\\" command can be used to call any function in any DLL, such as executing the application via the \\\"system()\\\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \\\"RF\\\" command to TCP port 11234 to get arbitrary file content. Failed attempts will likely cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3490"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002240"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
}
],
"trust": 5.67
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "49613",
"trust": 4.1
},
{
"db": "NVD",
"id": "CVE-2011-3490",
"trust": 3.9
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-256-04",
"trust": 2.4
},
{
"db": "CNNVD",
"id": "CNNVD-201109-263",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "17848",
"trust": 1.6
},
{
"db": "SREASON",
"id": "8382",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2011-3673",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3676",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3675",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3674",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-3670",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "75486",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002240",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-11-263-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "82F0DC66-1F88-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7DE8A7B2-1F88-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7F9967D6-1F88-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "815B94A4-1F88-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "A5093936-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "86F8B360-1F88-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002240"
},
{
"db": "NVD",
"id": "CVE-2011-3490"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-263"
}
]
},
"id": "VAR-201109-0183",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
}
],
"trust": 5.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 4.2
}
],
"sources": [
{
"db": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
}
]
},
"last_update_date": "2023-12-18T12:58:23.337000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "scada-products",
"trust": 0.8,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002240"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002240"
},
{
"db": "NVD",
"id": "CVE-2011-3490"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txthttp"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-04.pdf"
},
{
"trust": 1.9,
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
},
{
"trust": 1.6,
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"trust": 1.0,
"url": "http://securityreason.com/securityalert/8382"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3490"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3490"
},
{
"trust": 0.8,
"url": "http://osvdb.org/75486"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/49613"
},
{
"trust": 0.3,
"url": "http://www.measuresoft.com/products/scada-products.aspx"
},
{
"trust": 0.3,
"url": "/archive/1/519637"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-263-01.pdf"
},
{
"trust": 0.3,
"url": "http://www.measuresoft.net/news/post/inaccurate-reports-of-measuresoft-scadapro-400-vulnerability.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002240"
},
{
"db": "NVD",
"id": "CVE-2011-3490"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-263"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"db": "BID",
"id": "49613"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002240"
},
{
"db": "NVD",
"id": "CVE-2011-3490"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-263"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-15T00:00:00",
"db": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-19T00:00:00",
"db": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"date": "2011-09-13T00:00:00",
"db": "BID",
"id": "49613"
},
{
"date": "2011-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002240"
},
{
"date": "2011-09-16T14:28:12.997000",
"db": "NVD",
"id": "CVE-2011-3490"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-263"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3670"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3674"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3676"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3675"
},
{
"date": "2011-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-3673"
},
{
"date": "2011-09-20T21:30:00",
"db": "BID",
"id": "49613"
},
{
"date": "2011-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002240"
},
{
"date": "2012-02-14T04:08:46.697000",
"db": "NVD",
"id": "CVE-2011-3490"
},
{
"date": "2011-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201109-263"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201109-263"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Measuresoft ScadaPro Arbitrary function call vulnerability",
"sources": [
{
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-3676"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "a5093936-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201109-263"
}
],
"trust": 1.8
}
}
FKIE_CVE-2011-3497
Vulnerability from fkie_nvd - Published: 2011-09-16 17:26 - Updated: 2025-04-11 00:51
Severity ?
Summary
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBFF5B3D-DABA-4E92-AC69-9998F288AA2B",
"versionEndIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74F85C2D-3377-4B8C-AF4B-FD01B0083794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D0C2F7-8054-4EA7-A693-137A17659C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86A0AD83-C41A-40F2-95BA-F3CEB36FF94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "597AFF74-46ED-4D6F-8BCE-504C74FBBEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F33262-DE1E-4B8F-AFB9-F7BC299EAFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7EEDC896-7F2A-40E7-ACCE-9C980F94E6FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DD97BE73-E811-4781-BFCE-5E9152E3BB36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7778862C-7D8C-4526-BDA4-C250F9D429BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F86E1457-0402-4D0E-8987-2EE76D7433CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5165C7-A10F-4031-8BE3-AF498670C2CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E1994D66-D899-43B2-BA68-227D00B393DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CC28F1F0-DB4D-4F18-8C35-2A02CE0EC62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "651948B3-3E2A-40E3-9DAB-632D1B2F6B04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8B94500F-3900-4B2B-B5D8-6717F53D8E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "93F4124D-9FD8-4AE0-8CA7-3C6221793EDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E993F5-FA92-40E1-80F3-55D5C9997764",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "385F7BD9-3673-468A-B763-589DA146FCBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABFE8459-F14D-47F0-837F-43DF6C135A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "02306481-E4AF-426E-9CD1-8AF9AEFCF83B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0616A546-65FD-4031-867F-A563A713EC41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "862D8D68-F1E8-4296-B4A9-69BE4DCFD30E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74ADC027-F5E4-4333-9F8D-D78995ED29A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78E84AEE-31D9-4C24-B43A-842F3797214A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9481EED9-65E7-4526-BA63-157754F573EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A24F0D39-69D7-4551-8224-409EE89A9D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F04369CC-50E5-4ADC-BA6E-9A6691DF4FA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3219CBC3-5FB0-4F7C-B85E-81E08681B6EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93369CE3-F5B5-4646-90B3-8CD153B0F4D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CF4079-FFB3-4014-8782-E6606AAB659F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "763F55F8-4249-4872-856B-CF5A975345B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3405AE26-4017-4B6F-9B55-A295CE748617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "825EAF60-1956-41C9-986E-381B2835040D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3932E319-BCFA-4D52-97CA-02994762169C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "58B02AA7-2DB9-41D3-BE91-CC8763875512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA1B435-B62C-4033-A5A2-1E602E1505C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3503871F-01AC-43F8-A062-E7989504B9F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "49B77571-7906-4448-AB5D-12BBF1CB9A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B62A37-8C25-45F8-BB2F-8E7408482113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A88F29C4-1569-4DE2-99D6-B432CCBFBC56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.11:*:*:*:*:*:*:*",
"matchCriteriaId": "82B5B15E-C98D-43B6-BB34-D8FF2A2AC734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.12:*:*:*:*:*:*:*",
"matchCriteriaId": "03951392-1524-468D-9E1F-0EC0A766EA8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6B17D19A-383D-482B-B2B4-4377028234EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.14:*:*:*:*:*:*:*",
"matchCriteriaId": "16A82A50-EA8C-44AE-A290-CC44FF4F4E2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA791E9-0DE0-47F1-BF6F-1A58AD76C4DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method."
},
{
"lang": "es",
"value": "service.exe de Measuresoft ScadaPro 4.0.0 y versiones anteriores permite a atacantes remotos ejecutar funciones DLL arbitrarias a trav\u00e9s de una funci\u00f3n XF, posiblemente relacionado con una m\u00e9todo inseguro expuesto."
}
],
"id": "CVE-2011-3497",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-16T17:26:14.777",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8382"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-3495
Vulnerability from fkie_nvd - Published: 2011-09-16 17:26 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBFF5B3D-DABA-4E92-AC69-9998F288AA2B",
"versionEndIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74F85C2D-3377-4B8C-AF4B-FD01B0083794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D0C2F7-8054-4EA7-A693-137A17659C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86A0AD83-C41A-40F2-95BA-F3CEB36FF94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "597AFF74-46ED-4D6F-8BCE-504C74FBBEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F33262-DE1E-4B8F-AFB9-F7BC299EAFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7EEDC896-7F2A-40E7-ACCE-9C980F94E6FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DD97BE73-E811-4781-BFCE-5E9152E3BB36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7778862C-7D8C-4526-BDA4-C250F9D429BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F86E1457-0402-4D0E-8987-2EE76D7433CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5165C7-A10F-4031-8BE3-AF498670C2CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E1994D66-D899-43B2-BA68-227D00B393DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CC28F1F0-DB4D-4F18-8C35-2A02CE0EC62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "651948B3-3E2A-40E3-9DAB-632D1B2F6B04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8B94500F-3900-4B2B-B5D8-6717F53D8E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "93F4124D-9FD8-4AE0-8CA7-3C6221793EDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E993F5-FA92-40E1-80F3-55D5C9997764",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "385F7BD9-3673-468A-B763-589DA146FCBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABFE8459-F14D-47F0-837F-43DF6C135A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "02306481-E4AF-426E-9CD1-8AF9AEFCF83B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0616A546-65FD-4031-867F-A563A713EC41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "862D8D68-F1E8-4296-B4A9-69BE4DCFD30E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74ADC027-F5E4-4333-9F8D-D78995ED29A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78E84AEE-31D9-4C24-B43A-842F3797214A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9481EED9-65E7-4526-BA63-157754F573EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A24F0D39-69D7-4551-8224-409EE89A9D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F04369CC-50E5-4ADC-BA6E-9A6691DF4FA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3219CBC3-5FB0-4F7C-B85E-81E08681B6EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93369CE3-F5B5-4646-90B3-8CD153B0F4D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CF4079-FFB3-4014-8782-E6606AAB659F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "763F55F8-4249-4872-856B-CF5A975345B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3405AE26-4017-4B6F-9B55-A295CE748617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "825EAF60-1956-41C9-986E-381B2835040D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3932E319-BCFA-4D52-97CA-02994762169C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "58B02AA7-2DB9-41D3-BE91-CC8763875512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA1B435-B62C-4033-A5A2-1E602E1505C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3503871F-01AC-43F8-A062-E7989504B9F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "49B77571-7906-4448-AB5D-12BBF1CB9A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B62A37-8C25-45F8-BB2F-8E7408482113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A88F29C4-1569-4DE2-99D6-B432CCBFBC56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.11:*:*:*:*:*:*:*",
"matchCriteriaId": "82B5B15E-C98D-43B6-BB34-D8FF2A2AC734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.12:*:*:*:*:*:*:*",
"matchCriteriaId": "03951392-1524-468D-9E1F-0EC0A766EA8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6B17D19A-383D-482B-B2B4-4377028234EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.14:*:*:*:*:*:*:*",
"matchCriteriaId": "16A82A50-EA8C-44AE-A290-CC44FF4F4E2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA791E9-0DE0-47F1-BF6F-1A58AD76C4DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command."
},
{
"lang": "es",
"value": "service.exe de Measuresoft ScadaPro 4.0.0 y versiones anteriores permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en un comando (1) BF, (2) OF, o (3) EF command."
}
],
"id": "CVE-2011-3495",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-16T17:26:14.683",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8382"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-3496
Vulnerability from fkie_nvd - Published: 2011-09-16 17:26 - Updated: 2025-04-11 00:51
Severity ?
Summary
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBFF5B3D-DABA-4E92-AC69-9998F288AA2B",
"versionEndIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74F85C2D-3377-4B8C-AF4B-FD01B0083794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D0C2F7-8054-4EA7-A693-137A17659C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86A0AD83-C41A-40F2-95BA-F3CEB36FF94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "597AFF74-46ED-4D6F-8BCE-504C74FBBEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F33262-DE1E-4B8F-AFB9-F7BC299EAFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7EEDC896-7F2A-40E7-ACCE-9C980F94E6FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DD97BE73-E811-4781-BFCE-5E9152E3BB36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7778862C-7D8C-4526-BDA4-C250F9D429BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F86E1457-0402-4D0E-8987-2EE76D7433CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5165C7-A10F-4031-8BE3-AF498670C2CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E1994D66-D899-43B2-BA68-227D00B393DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CC28F1F0-DB4D-4F18-8C35-2A02CE0EC62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "651948B3-3E2A-40E3-9DAB-632D1B2F6B04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8B94500F-3900-4B2B-B5D8-6717F53D8E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "93F4124D-9FD8-4AE0-8CA7-3C6221793EDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E993F5-FA92-40E1-80F3-55D5C9997764",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "385F7BD9-3673-468A-B763-589DA146FCBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABFE8459-F14D-47F0-837F-43DF6C135A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "02306481-E4AF-426E-9CD1-8AF9AEFCF83B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0616A546-65FD-4031-867F-A563A713EC41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "862D8D68-F1E8-4296-B4A9-69BE4DCFD30E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74ADC027-F5E4-4333-9F8D-D78995ED29A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78E84AEE-31D9-4C24-B43A-842F3797214A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9481EED9-65E7-4526-BA63-157754F573EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A24F0D39-69D7-4551-8224-409EE89A9D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F04369CC-50E5-4ADC-BA6E-9A6691DF4FA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3219CBC3-5FB0-4F7C-B85E-81E08681B6EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93369CE3-F5B5-4646-90B3-8CD153B0F4D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CF4079-FFB3-4014-8782-E6606AAB659F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "763F55F8-4249-4872-856B-CF5A975345B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3405AE26-4017-4B6F-9B55-A295CE748617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "825EAF60-1956-41C9-986E-381B2835040D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3932E319-BCFA-4D52-97CA-02994762169C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "58B02AA7-2DB9-41D3-BE91-CC8763875512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA1B435-B62C-4033-A5A2-1E602E1505C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3503871F-01AC-43F8-A062-E7989504B9F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "49B77571-7906-4448-AB5D-12BBF1CB9A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B62A37-8C25-45F8-BB2F-8E7408482113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A88F29C4-1569-4DE2-99D6-B432CCBFBC56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.11:*:*:*:*:*:*:*",
"matchCriteriaId": "82B5B15E-C98D-43B6-BB34-D8FF2A2AC734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.12:*:*:*:*:*:*:*",
"matchCriteriaId": "03951392-1524-468D-9E1F-0EC0A766EA8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6B17D19A-383D-482B-B2B4-4377028234EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.14:*:*:*:*:*:*:*",
"matchCriteriaId": "16A82A50-EA8C-44AE-A290-CC44FF4F4E2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA791E9-0DE0-47F1-BF6F-1A58AD76C4DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command."
},
{
"lang": "es",
"value": "service.exe de Measuresoft ScadaPro 4.0.0 y versiones anteriores permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en un comando (1) BF, (2) OF, o (3) EF command."
}
],
"id": "CVE-2011-3496",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-16T17:26:14.747",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8382"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-3490
Vulnerability from fkie_nvd - Published: 2011-09-16 14:28 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBFF5B3D-DABA-4E92-AC69-9998F288AA2B",
"versionEndIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74F85C2D-3377-4B8C-AF4B-FD01B0083794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D0C2F7-8054-4EA7-A693-137A17659C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86A0AD83-C41A-40F2-95BA-F3CEB36FF94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "597AFF74-46ED-4D6F-8BCE-504C74FBBEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F33262-DE1E-4B8F-AFB9-F7BC299EAFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7EEDC896-7F2A-40E7-ACCE-9C980F94E6FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DD97BE73-E811-4781-BFCE-5E9152E3BB36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7778862C-7D8C-4526-BDA4-C250F9D429BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F86E1457-0402-4D0E-8987-2EE76D7433CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5165C7-A10F-4031-8BE3-AF498670C2CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E1994D66-D899-43B2-BA68-227D00B393DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CC28F1F0-DB4D-4F18-8C35-2A02CE0EC62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "651948B3-3E2A-40E3-9DAB-632D1B2F6B04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8B94500F-3900-4B2B-B5D8-6717F53D8E1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "93F4124D-9FD8-4AE0-8CA7-3C6221793EDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E993F5-FA92-40E1-80F3-55D5C9997764",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "385F7BD9-3673-468A-B763-589DA146FCBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABFE8459-F14D-47F0-837F-43DF6C135A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "02306481-E4AF-426E-9CD1-8AF9AEFCF83B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0616A546-65FD-4031-867F-A563A713EC41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "862D8D68-F1E8-4296-B4A9-69BE4DCFD30E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74ADC027-F5E4-4333-9F8D-D78995ED29A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78E84AEE-31D9-4C24-B43A-842F3797214A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9481EED9-65E7-4526-BA63-157754F573EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A24F0D39-69D7-4551-8224-409EE89A9D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F04369CC-50E5-4ADC-BA6E-9A6691DF4FA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3219CBC3-5FB0-4F7C-B85E-81E08681B6EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93369CE3-F5B5-4646-90B3-8CD153B0F4D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CF4079-FFB3-4014-8782-E6606AAB659F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "763F55F8-4249-4872-856B-CF5A975345B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3405AE26-4017-4B6F-9B55-A295CE748617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "825EAF60-1956-41C9-986E-381B2835040D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3932E319-BCFA-4D52-97CA-02994762169C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "58B02AA7-2DB9-41D3-BE91-CC8763875512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA1B435-B62C-4033-A5A2-1E602E1505C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3503871F-01AC-43F8-A062-E7989504B9F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "49B77571-7906-4448-AB5D-12BBF1CB9A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B62A37-8C25-45F8-BB2F-8E7408482113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A88F29C4-1569-4DE2-99D6-B432CCBFBC56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.11:*:*:*:*:*:*:*",
"matchCriteriaId": "82B5B15E-C98D-43B6-BB34-D8FF2A2AC734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.12:*:*:*:*:*:*:*",
"matchCriteriaId": "03951392-1524-468D-9E1F-0EC0A766EA8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6B17D19A-383D-482B-B2B4-4377028234EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.14:*:*:*:*:*:*:*",
"matchCriteriaId": "16A82A50-EA8C-44AE-A290-CC44FF4F4E2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA791E9-0DE0-47F1-BF6F-1A58AD76C4DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamiento de buffer de pila en service.exe de Measuresoft ScadaPro 4.0.0 y versiones anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un comando extenso al puerto 11234, como se ha demostrado con el comando TF."
}
],
"id": "CVE-2011-3490",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-16T14:28:12.997",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8382"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/17848"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}