RSS   Vulnerabilities for 'Scadapro'   RSS

2011-09-16
 
CVE-2011-3497

CWE-200
 

 
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method.

 
 
CVE-2011-3496

CWE-20
 

 
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.

 
 
CVE-2011-3495

CWE-22
 

 
Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command.

 
 
CVE-2011-3490

CWE-119
 

 
Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command.

 

 >>> Vendor: Measuresoft 3 Products
Scadapro
Scadapro client
Scadapro server


Copyright 2024, cxsecurity.com

 

Back to Top