Vulnerabilites related to measuresoft - scadapro
var-201109-0168
Vulnerability from variot

service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command. Service.exe has multiple boundary errors when processing messages, and sending a specially crafted command to TCP port 11234 can trigger a stack-based buffer overflow. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \"xF\" command can be used to call any function in any DLL, such as executing the application via the \"system()\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \"RF\" command to TCP port 11234 to get arbitrary file content. Exploiting these issues could allow remote attackers to perform unauthorized actions using directory traversal strings or to execute arbitrary code or commands within the context of the affected application. Failed attempts will likely cause denial-of-service conditions

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201109-0168",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "easuresoft",
        "version": "4.0.0.0"
      },
      {
        "model": "scadapro",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "measuresoft",
        "version": "4.0.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.11"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.10"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.13"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.15"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.12"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.9"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.6"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.14"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.8"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.7"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.3.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.6.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.7.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.2.9"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.9.2"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.9.5"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.5.2"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.1"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.2.8"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.5.4"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.3"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.5.3"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.3.2"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4.1"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.2"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.5.1"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.5.5"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.5"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.3.1"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.7.2"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.7.1"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4.3"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.8.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4.5"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.1.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.9.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4.4"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.9.1"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.9.4"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4.6"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.9.3"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.9.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4.2"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "measuresoft",
        "version": "4.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "measuresoft",
        "version": "0"
      },
      {
        "model": "scadapro",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "measuresoft",
        "version": "4.0.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4.6"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.5.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.5.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.5.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.5.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.5.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.7.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.7.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.7.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.8.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.9.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.1.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.2.8"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.2.9"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.3.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.3.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.3.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.6"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.7"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.8"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.9"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.10"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.11"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.12"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.13"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.14"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.15"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "db": "BID",
        "id": "49613"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002235"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-269"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3496"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:measuresoft:scadapro",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002235"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Luigi Auriemma",
    "sources": [
      {
        "db": "BID",
        "id": "49613"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-3496",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2011-3496",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "a45c75f2-2354-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-3496",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2011-3496",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201109-269",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "a45c75f2-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002235"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-269"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3496"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command. Service.exe has multiple boundary errors when processing messages, and sending a specially crafted command to TCP port 11234 can trigger a stack-based buffer overflow. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \\\"xF\\\" command can be used to call any function in any DLL, such as executing the application via the \\\"system()\\\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \\\"RF\\\" command to TCP port 11234 to get arbitrary file content. \nExploiting these issues could allow remote attackers to perform unauthorized actions using directory traversal strings or to execute arbitrary code or commands within the context of the affected application. Failed attempts will likely cause denial-of-service conditions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-3496"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002235"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "db": "BID",
        "id": "49613"
      },
      {
        "db": "IVD",
        "id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 4.77
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "49613",
        "trust": 4.1
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3496",
        "trust": 2.9
      },
      {
        "db": "ICS CERT ALERT",
        "id": "ICS-ALERT-11-256-04",
        "trust": 2.4
      },
      {
        "db": "EXPLOIT-DB",
        "id": "17848",
        "trust": 1.6
      },
      {
        "db": "SREASON",
        "id": "8382",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-269",
        "trust": 0.8
      },
      {
        "db": "OSVDB",
        "id": "75571",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002235",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-263-01",
        "trust": 0.3
      },
      {
        "db": "IVD",
        "id": "A45C75F2-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "db": "BID",
        "id": "49613"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002235"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-269"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3496"
      }
    ]
  },
  "id": "VAR-201109-0168",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      }
    ],
    "trust": 4.2
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 3.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:14:12.196000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "scada-products",
        "trust": 0.8,
        "url": "http://www.measuresoft.com/products/scada-products.aspx"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002235"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002235"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3496"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txthttp"
      },
      {
        "trust": 2.4,
        "url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-04.pdf"
      },
      {
        "trust": 1.9,
        "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
      },
      {
        "trust": 1.6,
        "url": "http://www.exploit-db.com/exploits/17848"
      },
      {
        "trust": 1.0,
        "url": "http://securityreason.com/securityalert/8382"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3496"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3496"
      },
      {
        "trust": 0.8,
        "url": "http://osvdb.org/75571"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/49613"
      },
      {
        "trust": 0.3,
        "url": "http://www.measuresoft.com/products/scada-products.aspx"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/519637"
      },
      {
        "trust": 0.3,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-263-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.measuresoft.net/news/post/inaccurate-reports-of-measuresoft-scadapro-400-vulnerability.aspx"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "db": "BID",
        "id": "49613"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002235"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-269"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3496"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "db": "BID",
        "id": "49613"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002235"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-269"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3496"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-09-19T00:00:00",
        "db": "IVD",
        "id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "date": "2011-09-13T00:00:00",
        "db": "BID",
        "id": "49613"
      },
      {
        "date": "2011-09-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-002235"
      },
      {
        "date": "2011-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201109-269"
      },
      {
        "date": "2011-09-16T17:26:14.747000",
        "db": "NVD",
        "id": "CVE-2011-3496"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "date": "2011-09-20T21:30:00",
        "db": "BID",
        "id": "49613"
      },
      {
        "date": "2011-09-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-002235"
      },
      {
        "date": "2011-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201109-269"
      },
      {
        "date": "2024-11-21T01:30:35.990000",
        "db": "NVD",
        "id": "CVE-2011-3496"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-269"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Measuresoft ScadaPro service.exe Input validation vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-269"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input validation",
    "sources": [
      {
        "db": "IVD",
        "id": "a45c75f2-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-269"
      }
    ],
    "trust": 0.8
  }
}

var-201205-0302
Vulnerability from variot

Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory. DLL It may be possible to get permission through the file. Measuresoft ScadaPro is a SCADA system for power, oil and gas, pharmaceutical and other companies. Measuresoft ScadaPro uses a fixed or controllable search path to discover resources, allowing unauthorized attackers to build malicious DLL files and loading malicious files before legitimate DLLs, which can cause arbitrary code to be executed in the context of the application. Measuresoft ScadaPro is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201205-0302",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "scadapro client",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.3.1"
      },
      {
        "model": "scadapro server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.3.1"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "measuresoft",
        "version": "4.0"
      },
      {
        "model": "scadapro client",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "measuresoft",
        "version": "4.0.0"
      },
      {
        "model": "scadapro server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "measuresoft",
        "version": "4.0.0"
      },
      {
        "model": "scadapro server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "measuresoft",
        "version": "3.3.1"
      },
      {
        "model": "scadapro client",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "measuresoft",
        "version": "3.3.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro client",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro server",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-2775"
      },
      {
        "db": "BID",
        "id": "53681"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002564"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-464"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1824"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:measuresoft:scadapro_client",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:measuresoft:scadapro_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002564"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Carlos Mario Penagos Hollmann",
    "sources": [
      {
        "db": "BID",
        "id": "53681"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-464"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2012-1824",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2012-1824",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "cefaa91a-2353-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2012-1824",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2012-1824",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201205-464",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "cefaa91a-2353-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002564"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-464"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1824"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory. DLL It may be possible to get permission through the file. Measuresoft ScadaPro is a SCADA system for power, oil and gas, pharmaceutical and other companies. Measuresoft ScadaPro uses a fixed or controllable search path to discover resources, allowing unauthorized attackers to build malicious DLL files and loading malicious files before legitimate DLLs, which can cause arbitrary code to be executed in the context of the application. Measuresoft ScadaPro is prone to a vulnerability that lets attackers execute arbitrary code. \nAn attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-1824"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002564"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-2775"
      },
      {
        "db": "BID",
        "id": "53681"
      },
      {
        "db": "IVD",
        "id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-1824",
        "trust": 3.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-145-01",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "53681",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-2775",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-464",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002564",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "CEFAA91A-2353-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-2775"
      },
      {
        "db": "BID",
        "id": "53681"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002564"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-464"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1824"
      }
    ]
  },
  "id": "VAR-201205-0302",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-2775"
      }
    ],
    "trust": 0.08
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-2775"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:46:20.371000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "scada-products",
        "trust": 0.8,
        "url": "http://www.measuresoft.com/products/scada-products.aspx"
      },
      {
        "title": "Measuresoft ScadaPro DLL loads patches for arbitrary code execution vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/17351"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-2775"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002564"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002564"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1824"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-145-01.pdf"
      },
      {
        "trust": 1.6,
        "url": "http://www.measuresoft.net/downloads/measuresoft%20scada%204.4.6/issue_disks/server/documentation/releasenotes.doc"
      },
      {
        "trust": 1.6,
        "url": "http://www.measuresoft.net/downloads/measuresoft%20scada%204.4.6/issue_disks/client/documentation/releasenotes.doc"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1824"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1824"
      },
      {
        "trust": 0.6,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-145-01.pdfhttp"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/53681"
      },
      {
        "trust": 0.3,
        "url": "http://blog.rapid7.com/?p=5325"
      },
      {
        "trust": 0.3,
        "url": "http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.technet.com/b/msrc/archive/2010/08/21/microsoft-security-advisory-2269637-released.aspx"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx"
      },
      {
        "trust": 0.3,
        "url": "http://www.measuresoft.com/products/scada-products.aspx"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/technet/security/advisory/2269637.mspx"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-2775"
      },
      {
        "db": "BID",
        "id": "53681"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002564"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-464"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1824"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-2775"
      },
      {
        "db": "BID",
        "id": "53681"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002564"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-464"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1824"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-05-28T00:00:00",
        "db": "IVD",
        "id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-05-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-2775"
      },
      {
        "date": "2012-05-24T00:00:00",
        "db": "BID",
        "id": "53681"
      },
      {
        "date": "2012-05-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-002564"
      },
      {
        "date": "2012-05-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201205-464"
      },
      {
        "date": "2012-05-25T19:55:01.493000",
        "db": "NVD",
        "id": "CVE-2012-1824"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-05-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-2775"
      },
      {
        "date": "2012-05-24T00:00:00",
        "db": "BID",
        "id": "53681"
      },
      {
        "date": "2012-05-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-002564"
      },
      {
        "date": "2012-06-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201205-464"
      },
      {
        "date": "2024-11-21T01:37:51.060000",
        "db": "NVD",
        "id": "CVE-2012-1824"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-464"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Measuresoft ScadaPro Client and  ScadaPro Server Vulnerability gained in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002564"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "IVD",
        "id": "cefaa91a-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-464"
      }
    ],
    "trust": 0.8
  }
}

var-201109-0169
Vulnerability from variot

service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method. Measuresoft ScadaPro of service.exe Any DLL There is a vulnerability that is executed.By a third party XF Through any DLL There is a vulnerability that is executed. Service.exe has multiple boundary errors when processing messages, and sending a specially crafted command to TCP port 11234 can trigger a stack-based buffer overflow. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \"xF\" command can be used to call any function in any DLL, such as executing the application via the \"system()\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \"RF\" command to TCP port 11234 to get arbitrary file content. Exploiting these issues could allow remote attackers to perform unauthorized actions using directory traversal strings or to execute arbitrary code or commands within the context of the affected application. Failed attempts will likely cause denial-of-service conditions

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201109-0169",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "easuresoft",
        "version": "4.0.0.0"
      },
      {
        "model": "scadapro",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "measuresoft",
        "version": "4.0.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.11"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.10"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.13"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.15"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.12"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.9"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.6"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.14"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.8"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.7"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.3.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.6.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.7.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.2.9"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.9.2"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.9.5"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.5.2"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.1"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.2.8"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.5.4"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.3"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.5.3"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.3.2"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4.1"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.2"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.5.1"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.5.5"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.5"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.3.1"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.7.2"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.7.1"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4.3"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.8.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4.5"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.1.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.9.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4.4"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.9.1"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.9.4"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4.6"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.9.3"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.9.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4.2"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "measuresoft",
        "version": "4.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "measuresoft",
        "version": "0"
      },
      {
        "model": "scadapro",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "measuresoft",
        "version": "4.0.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4.6"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.5.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.5.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.5.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.5.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.5.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.7.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.7.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.7.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.8.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.9.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.1.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.2.8"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.2.9"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.3.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.3.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.3.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.6"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.7"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.8"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.9"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.10"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.11"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.12"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.13"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.14"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.15"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "db": "BID",
        "id": "49613"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002234"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-270"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3497"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:measuresoft:scadapro",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002234"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Luigi Auriemma",
    "sources": [
      {
        "db": "BID",
        "id": "49613"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-3497",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2011-3497",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "a44e1b2e-2354-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-3497",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2011-3497",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201109-270",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "a44e1b2e-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002234"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-270"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3497"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method. Measuresoft ScadaPro of service.exe Any DLL There is a vulnerability that is executed.By a third party XF Through any DLL There is a vulnerability that is executed. Service.exe has multiple boundary errors when processing messages, and sending a specially crafted command to TCP port 11234 can trigger a stack-based buffer overflow. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \\\"xF\\\" command can be used to call any function in any DLL, such as executing the application via the \\\"system()\\\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \\\"RF\\\" command to TCP port 11234 to get arbitrary file content. \nExploiting these issues could allow remote attackers to perform unauthorized actions using directory traversal strings or to execute arbitrary code or commands within the context of the affected application. Failed attempts will likely cause denial-of-service conditions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-3497"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002234"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "db": "BID",
        "id": "49613"
      },
      {
        "db": "IVD",
        "id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 4.77
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "49613",
        "trust": 4.1
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3497",
        "trust": 2.9
      },
      {
        "db": "ICS CERT ALERT",
        "id": "ICS-ALERT-11-256-04",
        "trust": 2.4
      },
      {
        "db": "SREASON",
        "id": "8382",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-270",
        "trust": 0.8
      },
      {
        "db": "OSVDB",
        "id": "75490",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002234",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-263-01",
        "trust": 0.3
      },
      {
        "db": "IVD",
        "id": "A44E1B2E-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "db": "BID",
        "id": "49613"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002234"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-270"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3497"
      }
    ]
  },
  "id": "VAR-201109-0169",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      }
    ],
    "trust": 4.2
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 3.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:14:12.087000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "scada-products",
        "trust": 0.8,
        "url": "http://www.measuresoft.com/products/scada-products.aspx"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002234"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002234"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3497"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txthttp"
      },
      {
        "trust": 2.4,
        "url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-04.pdf"
      },
      {
        "trust": 1.9,
        "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
      },
      {
        "trust": 1.0,
        "url": "http://securityreason.com/securityalert/8382"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3497"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3497"
      },
      {
        "trust": 0.8,
        "url": "http://osvdb.org/75490"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/49613"
      },
      {
        "trust": 0.3,
        "url": "http://www.measuresoft.com/products/scada-products.aspx"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/519637"
      },
      {
        "trust": 0.3,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-263-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.measuresoft.net/news/post/inaccurate-reports-of-measuresoft-scadapro-400-vulnerability.aspx"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "db": "BID",
        "id": "49613"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002234"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-270"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3497"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "db": "BID",
        "id": "49613"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002234"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-270"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3497"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-09-19T00:00:00",
        "db": "IVD",
        "id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "date": "2011-09-13T00:00:00",
        "db": "BID",
        "id": "49613"
      },
      {
        "date": "2011-09-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-002234"
      },
      {
        "date": "2011-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201109-270"
      },
      {
        "date": "2011-09-16T17:26:14.777000",
        "db": "NVD",
        "id": "CVE-2011-3497"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "date": "2011-09-20T21:30:00",
        "db": "BID",
        "id": "49613"
      },
      {
        "date": "2011-09-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-002234"
      },
      {
        "date": "2011-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201109-270"
      },
      {
        "date": "2024-11-21T01:30:36.153000",
        "db": "NVD",
        "id": "CVE-2011-3497"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-270"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Measuresoft ScadaPro service.exe Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "a44e1b2e-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-270"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-270"
      }
    ],
    "trust": 0.6
  }
}

var-201109-0188
Vulnerability from variot

Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command. Service.exe has multiple boundary errors when processing messages, and sending a specially crafted command to TCP port 11234 can trigger a stack-based buffer overflow. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \"xF\" command can be used to call any function in any DLL, such as executing the application via the \"system()\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \"RF\" command to TCP port 11234 to get arbitrary file content. Failed attempts will likely cause denial-of-service conditions

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201109-0188",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "easuresoft",
        "version": "4.0.0.0"
      },
      {
        "model": "scadapro",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "measuresoft",
        "version": "4.0.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.11"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.10"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.13"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.15"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.12"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.9"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.6"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.14"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.8"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.7"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.3.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.6.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.7.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.2.9"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.9.2"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.9.5"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.5.2"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.1"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.2.8"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.5.4"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.3"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.5.3"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.3.2"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4.1"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.2"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.5.1"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.5.5"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.5"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.3.1"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.7.2"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.7.1"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4.3"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.8.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4.5"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.1.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.9.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4.4"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.9.1"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.9.4"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4.6"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.9.3"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.9.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4.2"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "measuresoft",
        "version": "4.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "measuresoft",
        "version": "0"
      },
      {
        "model": "scadapro",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "measuresoft",
        "version": "4.0.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4.6"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.5.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.5.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.5.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.5.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.5.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.7.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.7.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.7.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.8.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.9.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.1.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.2.8"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.2.9"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.3.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.3.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.3.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.6"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.7"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.8"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.9"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.10"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.11"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.12"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.13"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.14"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.15"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a471ceca-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "db": "BID",
        "id": "49613"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002233"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-268"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3495"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:measuresoft:scadapro",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002233"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Luigi Auriemma",
    "sources": [
      {
        "db": "BID",
        "id": "49613"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-3495",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2011-3495",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "a471ceca-2354-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-3495",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2011-3495",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201109-268",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "a471ceca-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a471ceca-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002233"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-268"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3495"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command. Service.exe has multiple boundary errors when processing messages, and sending a specially crafted command to TCP port 11234 can trigger a stack-based buffer overflow. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \\\"xF\\\" command can be used to call any function in any DLL, such as executing the application via the \\\"system()\\\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \\\"RF\\\" command to TCP port 11234 to get arbitrary file content. Failed attempts will likely cause denial-of-service conditions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-3495"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002233"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "db": "BID",
        "id": "49613"
      },
      {
        "db": "IVD",
        "id": "a471ceca-2354-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 4.77
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "49613",
        "trust": 4.1
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3495",
        "trust": 2.9
      },
      {
        "db": "ICS CERT ALERT",
        "id": "ICS-ALERT-11-256-04",
        "trust": 2.4
      },
      {
        "db": "SREASON",
        "id": "8382",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-268",
        "trust": 0.8
      },
      {
        "db": "OSVDB",
        "id": "75487",
        "trust": 0.8
      },
      {
        "db": "OSVDB",
        "id": "75489",
        "trust": 0.8
      },
      {
        "db": "OSVDB",
        "id": "75488",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002233",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-263-01",
        "trust": 0.3
      },
      {
        "db": "IVD",
        "id": "A471CECA-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a471ceca-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "db": "BID",
        "id": "49613"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002233"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-268"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3495"
      }
    ]
  },
  "id": "VAR-201109-0188",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "a471ceca-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      }
    ],
    "trust": 4.2
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 3.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "a471ceca-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:14:12.141000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "scada-products",
        "trust": 0.8,
        "url": "http://www.measuresoft.com/products/scada-products.aspx"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002233"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002233"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3495"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txthttp"
      },
      {
        "trust": 2.4,
        "url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-04.pdf"
      },
      {
        "trust": 1.9,
        "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
      },
      {
        "trust": 1.0,
        "url": "http://securityreason.com/securityalert/8382"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3495"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3495"
      },
      {
        "trust": 0.8,
        "url": "http://osvdb.org/75489"
      },
      {
        "trust": 0.8,
        "url": "http://osvdb.org/75487"
      },
      {
        "trust": 0.8,
        "url": "http://osvdb.org/75488"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/49613"
      },
      {
        "trust": 0.3,
        "url": "http://www.measuresoft.com/products/scada-products.aspx"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/519637"
      },
      {
        "trust": 0.3,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-263-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.measuresoft.net/news/post/inaccurate-reports-of-measuresoft-scadapro-400-vulnerability.aspx"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "db": "BID",
        "id": "49613"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002233"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-268"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3495"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "a471ceca-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "db": "BID",
        "id": "49613"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002233"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-268"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3495"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-09-19T00:00:00",
        "db": "IVD",
        "id": "a471ceca-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "date": "2011-09-13T00:00:00",
        "db": "BID",
        "id": "49613"
      },
      {
        "date": "2011-09-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-002233"
      },
      {
        "date": "2011-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201109-268"
      },
      {
        "date": "2011-09-16T17:26:14.683000",
        "db": "NVD",
        "id": "CVE-2011-3495"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "date": "2011-09-20T21:30:00",
        "db": "BID",
        "id": "49613"
      },
      {
        "date": "2011-09-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-002233"
      },
      {
        "date": "2011-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201109-268"
      },
      {
        "date": "2024-11-21T01:30:35.830000",
        "db": "NVD",
        "id": "CVE-2011-3495"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-268"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Measuresoft ScadaPro of  service.exe Vulnerable to directory traversal",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002233"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Path traversal",
    "sources": [
      {
        "db": "IVD",
        "id": "a471ceca-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-268"
      }
    ],
    "trust": 0.8
  }
}

var-201109-0183
Vulnerability from variot

Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \"xF\" command can be used to call any function in any DLL, such as executing the application via the \"system()\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \"RF\" command to TCP port 11234 to get arbitrary file content. Failed attempts will likely cause denial-of-service conditions

Show details on source website

To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201109-0183",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 4.0,
        "vendor": "easuresoft",
        "version": "4.0.0.0"
      },
      {
        "model": "scadapro",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "measuresoft",
        "version": "4.0.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.11"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.10"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.13"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.15"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.12"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.9"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.6"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.14"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.8"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "measuresoft",
        "version": "3.9.7"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.3.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.6.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.7.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.2.9"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.9.2"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.9.5"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.5.2"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.1"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.2.8"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.5.4"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.3"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.5.3"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.3.2"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4.1"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.2"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.5.1"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.5.5"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.5"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.3.1"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.7.2"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.7.1"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4.3"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.8.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4.5"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.1.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.9.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4.4"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.9.1"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.9.4"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4.6"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "3.9.3"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.9.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "measuresoft",
        "version": "2.4.2"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "measuresoft",
        "version": "4.0"
      },
      {
        "model": "scadapro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "measuresoft",
        "version": "0"
      },
      {
        "model": "scadapro",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "measuresoft",
        "version": "4.0.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.4.6"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.5.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.5.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.5.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.5.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.5.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.7.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.7.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.7.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.8.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "2.9.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.1.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.2.8"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.2.9"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.3.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.3.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.3.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.6"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.7"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.8"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.9"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.10"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.11"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.12"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.13"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.14"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "3.9.15"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scadapro",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "a5093936-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "db": "BID",
        "id": "49613"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002240"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-263"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3490"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:measuresoft:scadapro",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002240"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Luigi Auriemma",
    "sources": [
      {
        "db": "BID",
        "id": "49613"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-3490",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2011-3490",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "82f0dc66-1f88-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "7f9967d6-1f88-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "815b94a4-1f88-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "a5093936-2354-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "86f8b360-1f88-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-3490",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2011-3490",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201109-263",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "82f0dc66-1f88-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "7f9967d6-1f88-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "815b94a4-1f88-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "a5093936-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "86f8b360-1f88-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "a5093936-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002240"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-263"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3490"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \\\"xF\\\" command can be used to call any function in any DLL, such as executing the application via the \\\"system()\\\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \\\"RF\\\" command to TCP port 11234 to get arbitrary file content. Failed attempts will likely cause denial-of-service conditions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-3490"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002240"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "db": "BID",
        "id": "49613"
      },
      {
        "db": "IVD",
        "id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "a5093936-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 5.67
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "49613",
        "trust": 4.1
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3490",
        "trust": 3.9
      },
      {
        "db": "ICS CERT ALERT",
        "id": "ICS-ALERT-11-256-04",
        "trust": 2.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-263",
        "trust": 1.8
      },
      {
        "db": "EXPLOIT-DB",
        "id": "17848",
        "trust": 1.6
      },
      {
        "db": "SREASON",
        "id": "8382",
        "trust": 1.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670",
        "trust": 0.8
      },
      {
        "db": "OSVDB",
        "id": "75486",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002240",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-263-01",
        "trust": 0.3
      },
      {
        "db": "IVD",
        "id": "82F0DC66-1F88-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "7DE8A7B2-1F88-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "7F9967D6-1F88-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "815B94A4-1F88-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "A5093936-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "86F8B360-1F88-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "a5093936-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "db": "BID",
        "id": "49613"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002240"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-263"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3490"
      }
    ]
  },
  "id": "VAR-201109-0183",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "a5093936-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      }
    ],
    "trust": 5.2
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 4.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "a5093936-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:14:12.252000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "scada-products",
        "trust": 0.8,
        "url": "http://www.measuresoft.com/products/scada-products.aspx"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002240"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002240"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3490"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txthttp"
      },
      {
        "trust": 2.4,
        "url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-04.pdf"
      },
      {
        "trust": 1.9,
        "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
      },
      {
        "trust": 1.6,
        "url": "http://www.exploit-db.com/exploits/17848"
      },
      {
        "trust": 1.0,
        "url": "http://securityreason.com/securityalert/8382"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3490"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3490"
      },
      {
        "trust": 0.8,
        "url": "http://osvdb.org/75486"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/49613"
      },
      {
        "trust": 0.3,
        "url": "http://www.measuresoft.com/products/scada-products.aspx"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/519637"
      },
      {
        "trust": 0.3,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-263-01.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.measuresoft.net/news/post/inaccurate-reports-of-measuresoft-scadapro-400-vulnerability.aspx"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "db": "BID",
        "id": "49613"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002240"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-263"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3490"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "a5093936-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "db": "BID",
        "id": "49613"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002240"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-263"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3490"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-09-15T00:00:00",
        "db": "IVD",
        "id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "IVD",
        "id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "IVD",
        "id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "IVD",
        "id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-09-19T00:00:00",
        "db": "IVD",
        "id": "a5093936-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "IVD",
        "id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "date": "2011-09-13T00:00:00",
        "db": "BID",
        "id": "49613"
      },
      {
        "date": "2011-09-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-002240"
      },
      {
        "date": "2011-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201109-263"
      },
      {
        "date": "2011-09-16T14:28:12.997000",
        "db": "NVD",
        "id": "CVE-2011-3490"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3670"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3674"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3675"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3673"
      },
      {
        "date": "2011-09-20T21:30:00",
        "db": "BID",
        "id": "49613"
      },
      {
        "date": "2011-09-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-002240"
      },
      {
        "date": "2011-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201109-263"
      },
      {
        "date": "2024-11-21T01:30:35.030000",
        "db": "NVD",
        "id": "CVE-2011-3490"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-263"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Measuresoft ScadaPro Arbitrary function call vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3676"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "82f0dc66-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7de8a7b2-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7f9967d6-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "815b94a4-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "a5093936-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "86f8b360-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-263"
      }
    ],
    "trust": 1.8
  }
}

CVE-2011-3497 (GCVE-0-2011-3497)
Vulnerability from cvelistv5
Published
2011-09-16 17:00
Modified
2024-08-06 23:37
Severity ?
CWE
  • n/a
Summary
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method.
References
http://securityreason.com/securityalert/8382third-party-advisory, x_refsource_SREASON
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdfx_refsource_MISC
http://aluigi.altervista.org/adv/scadapro_1-adv.txtx_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:37:47.687Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "8382",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8382"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-09-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-02-14T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "8382",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8382"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-3497",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "8382",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8382"
            },
            {
              "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf",
              "refsource": "MISC",
              "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
            },
            {
              "name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt",
              "refsource": "MISC",
              "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-3497",
    "datePublished": "2011-09-16T17:00:00",
    "dateReserved": "2011-09-16T00:00:00",
    "dateUpdated": "2024-08-06T23:37:47.687Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-3490 (GCVE-0-2011-3490)
Vulnerability from cvelistv5
Published
2011-09-16 14:00
Modified
2024-08-06 23:37
Severity ?
CWE
  • n/a
Summary
Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command.
References
http://securityreason.com/securityalert/8382third-party-advisory, x_refsource_SREASON
http://www.exploit-db.com/exploits/17848exploit, x_refsource_EXPLOIT-DB
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdfx_refsource_MISC
http://aluigi.altervista.org/adv/scadapro_1-adv.txtx_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:37:47.632Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "8382",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8382"
          },
          {
            "name": "17848",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/17848"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-09-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-02-14T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "8382",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8382"
        },
        {
          "name": "17848",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/17848"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-3490",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "8382",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8382"
            },
            {
              "name": "17848",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/17848"
            },
            {
              "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf",
              "refsource": "MISC",
              "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
            },
            {
              "name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt",
              "refsource": "MISC",
              "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-3490",
    "datePublished": "2011-09-16T14:00:00",
    "dateReserved": "2011-09-16T00:00:00",
    "dateUpdated": "2024-08-06T23:37:47.632Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-3496 (GCVE-0-2011-3496)
Vulnerability from cvelistv5
Published
2011-09-16 17:00
Modified
2024-08-06 23:37
Severity ?
CWE
  • n/a
Summary
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.
References
http://securityreason.com/securityalert/8382third-party-advisory, x_refsource_SREASON
http://www.exploit-db.com/exploits/17848exploit, x_refsource_EXPLOIT-DB
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdfx_refsource_MISC
http://aluigi.altervista.org/adv/scadapro_1-adv.txtx_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:37:47.830Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "8382",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8382"
          },
          {
            "name": "17848",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/17848"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-09-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-02-14T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "8382",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8382"
        },
        {
          "name": "17848",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/17848"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-3496",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "8382",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8382"
            },
            {
              "name": "17848",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/17848"
            },
            {
              "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf",
              "refsource": "MISC",
              "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
            },
            {
              "name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt",
              "refsource": "MISC",
              "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-3496",
    "datePublished": "2011-09-16T17:00:00",
    "dateReserved": "2011-09-16T00:00:00",
    "dateUpdated": "2024-08-06T23:37:47.830Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-3495 (GCVE-0-2011-3495)
Vulnerability from cvelistv5
Published
2011-09-16 17:00
Modified
2024-08-06 23:37
Severity ?
CWE
  • n/a
Summary
Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command.
References
http://securityreason.com/securityalert/8382third-party-advisory, x_refsource_SREASON
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdfx_refsource_MISC
http://aluigi.altervista.org/adv/scadapro_1-adv.txtx_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:37:47.817Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "8382",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8382"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-09-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-02-14T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "8382",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8382"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-3495",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "8382",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8382"
            },
            {
              "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf",
              "refsource": "MISC",
              "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
            },
            {
              "name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt",
              "refsource": "MISC",
              "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-3495",
    "datePublished": "2011-09-16T17:00:00",
    "dateReserved": "2011-09-16T00:00:00",
    "dateUpdated": "2024-08-06T23:37:47.817Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-3746 (GCVE-0-2024-3746)
Vulnerability from cvelistv5
Published
2024-04-30 19:45
Modified
2025-08-27 21:23
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
CWE
Summary
The entire parent directory - C:\ScadaPro and its sub-directories and files are configured by default to allow user, including unprivileged users, to write or overwrite files.
References
https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-01
Impacted products
Vendor Product Version
Measuresoft ScadaPro Version: 6.9.0.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 7.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-3746",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-03T19:21:37.188099Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-27T21:23:00.955Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:20:01.065Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ScadaPro",
          "vendor": "Measuresoft",
          "versions": [
            {
              "status": "affected",
              "version": "6.9.0.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Sharon Brizinov of Claroty Team82 reported this vulnerability to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The entire parent directory - C:\\ScadaPro and its sub-directories and \nfiles are configured by default to allow user, including unprivileged \nusers, to write or overwrite files."
            }
          ],
          "value": "The entire parent directory - C:\\ScadaPro and its sub-directories and \nfiles are configured by default to allow user, including unprivileged \nusers, to write or overwrite files."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-28T16:38:27.985Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-01"
        }
      ],
      "source": {
        "advisory": "ICSA-24-107-01",
        "discovery": "EXTERNAL"
      },
      "title": "Measuresoft ScadaPro Improper Access Control",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Measuresoft recommends that users manually reconfigure the vulnerable directories so that they are not writable by everyone.\n\n\u003cbr\u003e"
            }
          ],
          "value": "Measuresoft recommends that users manually reconfigure the vulnerable directories so that they are not writable by everyone."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-3746",
    "datePublished": "2024-04-30T19:45:21.951Z",
    "dateReserved": "2024-04-12T20:04:14.046Z",
    "dateUpdated": "2025-08-27T21:23:00.955Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2011-09-16 17:26
Modified
2025-04-11 00:51
Severity ?
Summary
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.
References
cve@mitre.orghttp://aluigi.altervista.org/adv/scadapro_1-adv.txtExploit
cve@mitre.orghttp://securityreason.com/securityalert/8382
cve@mitre.orghttp://www.exploit-db.com/exploits/17848Exploit
cve@mitre.orghttp://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdfUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://aluigi.altervista.org/adv/scadapro_1-adv.txtExploit
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/8382
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/17848Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdfUS Government Resource
Impacted products
Vendor Product Version
measuresoft scadapro *
measuresoft scadapro 2.1
measuresoft scadapro 2.2
measuresoft scadapro 2.3
measuresoft scadapro 2.4
measuresoft scadapro 2.4.1
measuresoft scadapro 2.4.2
measuresoft scadapro 2.4.3
measuresoft scadapro 2.4.4
measuresoft scadapro 2.4.5
measuresoft scadapro 2.4.6
measuresoft scadapro 2.5
measuresoft scadapro 2.5.1
measuresoft scadapro 2.5.2
measuresoft scadapro 2.5.3
measuresoft scadapro 2.5.4
measuresoft scadapro 2.5.5
measuresoft scadapro 2.6.0
measuresoft scadapro 2.7.0
measuresoft scadapro 2.7.1
measuresoft scadapro 2.7.2
measuresoft scadapro 2.8.0
measuresoft scadapro 2.9.0
measuresoft scadapro 3.1.0
measuresoft scadapro 3.2.8
measuresoft scadapro 3.2.9
measuresoft scadapro 3.3.0
measuresoft scadapro 3.3.1
measuresoft scadapro 3.3.2
measuresoft scadapro 3.9.0
measuresoft scadapro 3.9.1
measuresoft scadapro 3.9.2
measuresoft scadapro 3.9.3
measuresoft scadapro 3.9.4
measuresoft scadapro 3.9.5
measuresoft scadapro 3.9.6
measuresoft scadapro 3.9.7
measuresoft scadapro 3.9.8
measuresoft scadapro 3.9.9
measuresoft scadapro 3.9.10
measuresoft scadapro 3.9.11
measuresoft scadapro 3.9.12
measuresoft scadapro 3.9.13
measuresoft scadapro 3.9.14
measuresoft scadapro 3.9.15


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBFF5B3D-DABA-4E92-AC69-9998F288AA2B",
              "versionEndIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74F85C2D-3377-4B8C-AF4B-FD01B0083794",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3D0C2F7-8054-4EA7-A693-137A17659C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86A0AD83-C41A-40F2-95BA-F3CEB36FF94D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "597AFF74-46ED-4D6F-8BCE-504C74FBBEF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1F33262-DE1E-4B8F-AFB9-F7BC299EAFF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EEDC896-7F2A-40E7-ACCE-9C980F94E6FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD97BE73-E811-4781-BFCE-5E9152E3BB36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7778862C-7D8C-4526-BDA4-C250F9D429BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F86E1457-0402-4D0E-8987-2EE76D7433CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA5165C7-A10F-4031-8BE3-AF498670C2CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1994D66-D899-43B2-BA68-227D00B393DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC28F1F0-DB4D-4F18-8C35-2A02CE0EC62F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "651948B3-3E2A-40E3-9DAB-632D1B2F6B04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B94500F-3900-4B2B-B5D8-6717F53D8E1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93F4124D-9FD8-4AE0-8CA7-3C6221793EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6E993F5-FA92-40E1-80F3-55D5C9997764",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "385F7BD9-3673-468A-B763-589DA146FCBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABFE8459-F14D-47F0-837F-43DF6C135A3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "02306481-E4AF-426E-9CD1-8AF9AEFCF83B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0616A546-65FD-4031-867F-A563A713EC41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "862D8D68-F1E8-4296-B4A9-69BE4DCFD30E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "74ADC027-F5E4-4333-9F8D-D78995ED29A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E84AEE-31D9-4C24-B43A-842F3797214A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9481EED9-65E7-4526-BA63-157754F573EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A24F0D39-69D7-4551-8224-409EE89A9D24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F04369CC-50E5-4ADC-BA6E-9A6691DF4FA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3219CBC3-5FB0-4F7C-B85E-81E08681B6EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "93369CE3-F5B5-4646-90B3-8CD153B0F4D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7CF4079-FFB3-4014-8782-E6606AAB659F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "763F55F8-4249-4872-856B-CF5A975345B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3405AE26-4017-4B6F-9B55-A295CE748617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "825EAF60-1956-41C9-986E-381B2835040D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3932E319-BCFA-4D52-97CA-02994762169C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B02AA7-2DB9-41D3-BE91-CC8763875512",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDA1B435-B62C-4033-A5A2-1E602E1505C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3503871F-01AC-43F8-A062-E7989504B9F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "49B77571-7906-4448-AB5D-12BBF1CB9A65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3B62A37-8C25-45F8-BB2F-8E7408482113",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A88F29C4-1569-4DE2-99D6-B432CCBFBC56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "82B5B15E-C98D-43B6-BB34-D8FF2A2AC734",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "03951392-1524-468D-9E1F-0EC0A766EA8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B17D19A-383D-482B-B2B4-4377028234EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A82A50-EA8C-44AE-A290-CC44FF4F4E2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FA791E9-0DE0-47F1-BF6F-1A58AD76C4DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command."
    },
    {
      "lang": "es",
      "value": "service.exe de Measuresoft ScadaPro 4.0.0 y versiones anteriores permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en un comando (1) BF, (2) OF, o (3) EF command."
    }
  ],
  "id": "CVE-2011-3496",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-09-16T17:26:14.747",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/8382"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/17848"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/17848"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-09-16 14:28
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command.
References
cve@mitre.orghttp://aluigi.altervista.org/adv/scadapro_1-adv.txtExploit
cve@mitre.orghttp://securityreason.com/securityalert/8382
cve@mitre.orghttp://www.exploit-db.com/exploits/17848Exploit
cve@mitre.orghttp://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdfUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://aluigi.altervista.org/adv/scadapro_1-adv.txtExploit
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/8382
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/17848Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdfUS Government Resource
Impacted products
Vendor Product Version
measuresoft scadapro *
measuresoft scadapro 2.1
measuresoft scadapro 2.2
measuresoft scadapro 2.3
measuresoft scadapro 2.4
measuresoft scadapro 2.4.1
measuresoft scadapro 2.4.2
measuresoft scadapro 2.4.3
measuresoft scadapro 2.4.4
measuresoft scadapro 2.4.5
measuresoft scadapro 2.4.6
measuresoft scadapro 2.5
measuresoft scadapro 2.5.1
measuresoft scadapro 2.5.2
measuresoft scadapro 2.5.3
measuresoft scadapro 2.5.4
measuresoft scadapro 2.5.5
measuresoft scadapro 2.6.0
measuresoft scadapro 2.7.0
measuresoft scadapro 2.7.1
measuresoft scadapro 2.7.2
measuresoft scadapro 2.8.0
measuresoft scadapro 2.9.0
measuresoft scadapro 3.1.0
measuresoft scadapro 3.2.8
measuresoft scadapro 3.2.9
measuresoft scadapro 3.3.0
measuresoft scadapro 3.3.1
measuresoft scadapro 3.3.2
measuresoft scadapro 3.9.0
measuresoft scadapro 3.9.1
measuresoft scadapro 3.9.2
measuresoft scadapro 3.9.3
measuresoft scadapro 3.9.4
measuresoft scadapro 3.9.5
measuresoft scadapro 3.9.6
measuresoft scadapro 3.9.7
measuresoft scadapro 3.9.8
measuresoft scadapro 3.9.9
measuresoft scadapro 3.9.10
measuresoft scadapro 3.9.11
measuresoft scadapro 3.9.12
measuresoft scadapro 3.9.13
measuresoft scadapro 3.9.14
measuresoft scadapro 3.9.15


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBFF5B3D-DABA-4E92-AC69-9998F288AA2B",
              "versionEndIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74F85C2D-3377-4B8C-AF4B-FD01B0083794",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3D0C2F7-8054-4EA7-A693-137A17659C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86A0AD83-C41A-40F2-95BA-F3CEB36FF94D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "597AFF74-46ED-4D6F-8BCE-504C74FBBEF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1F33262-DE1E-4B8F-AFB9-F7BC299EAFF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EEDC896-7F2A-40E7-ACCE-9C980F94E6FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD97BE73-E811-4781-BFCE-5E9152E3BB36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7778862C-7D8C-4526-BDA4-C250F9D429BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F86E1457-0402-4D0E-8987-2EE76D7433CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA5165C7-A10F-4031-8BE3-AF498670C2CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1994D66-D899-43B2-BA68-227D00B393DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC28F1F0-DB4D-4F18-8C35-2A02CE0EC62F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "651948B3-3E2A-40E3-9DAB-632D1B2F6B04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B94500F-3900-4B2B-B5D8-6717F53D8E1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93F4124D-9FD8-4AE0-8CA7-3C6221793EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6E993F5-FA92-40E1-80F3-55D5C9997764",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "385F7BD9-3673-468A-B763-589DA146FCBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABFE8459-F14D-47F0-837F-43DF6C135A3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "02306481-E4AF-426E-9CD1-8AF9AEFCF83B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0616A546-65FD-4031-867F-A563A713EC41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "862D8D68-F1E8-4296-B4A9-69BE4DCFD30E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "74ADC027-F5E4-4333-9F8D-D78995ED29A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E84AEE-31D9-4C24-B43A-842F3797214A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9481EED9-65E7-4526-BA63-157754F573EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A24F0D39-69D7-4551-8224-409EE89A9D24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F04369CC-50E5-4ADC-BA6E-9A6691DF4FA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3219CBC3-5FB0-4F7C-B85E-81E08681B6EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "93369CE3-F5B5-4646-90B3-8CD153B0F4D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7CF4079-FFB3-4014-8782-E6606AAB659F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "763F55F8-4249-4872-856B-CF5A975345B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3405AE26-4017-4B6F-9B55-A295CE748617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "825EAF60-1956-41C9-986E-381B2835040D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3932E319-BCFA-4D52-97CA-02994762169C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B02AA7-2DB9-41D3-BE91-CC8763875512",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDA1B435-B62C-4033-A5A2-1E602E1505C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3503871F-01AC-43F8-A062-E7989504B9F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "49B77571-7906-4448-AB5D-12BBF1CB9A65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3B62A37-8C25-45F8-BB2F-8E7408482113",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A88F29C4-1569-4DE2-99D6-B432CCBFBC56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "82B5B15E-C98D-43B6-BB34-D8FF2A2AC734",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "03951392-1524-468D-9E1F-0EC0A766EA8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B17D19A-383D-482B-B2B4-4377028234EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A82A50-EA8C-44AE-A290-CC44FF4F4E2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FA791E9-0DE0-47F1-BF6F-1A58AD76C4DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamiento de buffer de pila en service.exe de Measuresoft ScadaPro 4.0.0 y versiones anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un comando extenso al puerto 11234, como se ha demostrado con el comando TF."
    }
  ],
  "id": "CVE-2011-3490",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-09-16T14:28:12.997",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/8382"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/17848"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/17848"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-09-16 17:26
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command.
References
cve@mitre.orghttp://aluigi.altervista.org/adv/scadapro_1-adv.txtExploit
cve@mitre.orghttp://securityreason.com/securityalert/8382
cve@mitre.orghttp://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdfUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://aluigi.altervista.org/adv/scadapro_1-adv.txtExploit
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/8382
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdfUS Government Resource
Impacted products
Vendor Product Version
measuresoft scadapro *
measuresoft scadapro 2.1
measuresoft scadapro 2.2
measuresoft scadapro 2.3
measuresoft scadapro 2.4
measuresoft scadapro 2.4.1
measuresoft scadapro 2.4.2
measuresoft scadapro 2.4.3
measuresoft scadapro 2.4.4
measuresoft scadapro 2.4.5
measuresoft scadapro 2.4.6
measuresoft scadapro 2.5
measuresoft scadapro 2.5.1
measuresoft scadapro 2.5.2
measuresoft scadapro 2.5.3
measuresoft scadapro 2.5.4
measuresoft scadapro 2.5.5
measuresoft scadapro 2.6.0
measuresoft scadapro 2.7.0
measuresoft scadapro 2.7.1
measuresoft scadapro 2.7.2
measuresoft scadapro 2.8.0
measuresoft scadapro 2.9.0
measuresoft scadapro 3.1.0
measuresoft scadapro 3.2.8
measuresoft scadapro 3.2.9
measuresoft scadapro 3.3.0
measuresoft scadapro 3.3.1
measuresoft scadapro 3.3.2
measuresoft scadapro 3.9.0
measuresoft scadapro 3.9.1
measuresoft scadapro 3.9.2
measuresoft scadapro 3.9.3
measuresoft scadapro 3.9.4
measuresoft scadapro 3.9.5
measuresoft scadapro 3.9.6
measuresoft scadapro 3.9.7
measuresoft scadapro 3.9.8
measuresoft scadapro 3.9.9
measuresoft scadapro 3.9.10
measuresoft scadapro 3.9.11
measuresoft scadapro 3.9.12
measuresoft scadapro 3.9.13
measuresoft scadapro 3.9.14
measuresoft scadapro 3.9.15


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBFF5B3D-DABA-4E92-AC69-9998F288AA2B",
              "versionEndIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74F85C2D-3377-4B8C-AF4B-FD01B0083794",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3D0C2F7-8054-4EA7-A693-137A17659C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86A0AD83-C41A-40F2-95BA-F3CEB36FF94D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "597AFF74-46ED-4D6F-8BCE-504C74FBBEF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1F33262-DE1E-4B8F-AFB9-F7BC299EAFF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EEDC896-7F2A-40E7-ACCE-9C980F94E6FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD97BE73-E811-4781-BFCE-5E9152E3BB36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7778862C-7D8C-4526-BDA4-C250F9D429BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F86E1457-0402-4D0E-8987-2EE76D7433CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA5165C7-A10F-4031-8BE3-AF498670C2CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1994D66-D899-43B2-BA68-227D00B393DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC28F1F0-DB4D-4F18-8C35-2A02CE0EC62F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "651948B3-3E2A-40E3-9DAB-632D1B2F6B04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B94500F-3900-4B2B-B5D8-6717F53D8E1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93F4124D-9FD8-4AE0-8CA7-3C6221793EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6E993F5-FA92-40E1-80F3-55D5C9997764",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "385F7BD9-3673-468A-B763-589DA146FCBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABFE8459-F14D-47F0-837F-43DF6C135A3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "02306481-E4AF-426E-9CD1-8AF9AEFCF83B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0616A546-65FD-4031-867F-A563A713EC41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "862D8D68-F1E8-4296-B4A9-69BE4DCFD30E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "74ADC027-F5E4-4333-9F8D-D78995ED29A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E84AEE-31D9-4C24-B43A-842F3797214A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9481EED9-65E7-4526-BA63-157754F573EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A24F0D39-69D7-4551-8224-409EE89A9D24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F04369CC-50E5-4ADC-BA6E-9A6691DF4FA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3219CBC3-5FB0-4F7C-B85E-81E08681B6EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "93369CE3-F5B5-4646-90B3-8CD153B0F4D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7CF4079-FFB3-4014-8782-E6606AAB659F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "763F55F8-4249-4872-856B-CF5A975345B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3405AE26-4017-4B6F-9B55-A295CE748617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "825EAF60-1956-41C9-986E-381B2835040D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3932E319-BCFA-4D52-97CA-02994762169C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B02AA7-2DB9-41D3-BE91-CC8763875512",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDA1B435-B62C-4033-A5A2-1E602E1505C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3503871F-01AC-43F8-A062-E7989504B9F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "49B77571-7906-4448-AB5D-12BBF1CB9A65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3B62A37-8C25-45F8-BB2F-8E7408482113",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A88F29C4-1569-4DE2-99D6-B432CCBFBC56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "82B5B15E-C98D-43B6-BB34-D8FF2A2AC734",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "03951392-1524-468D-9E1F-0EC0A766EA8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B17D19A-383D-482B-B2B4-4377028234EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A82A50-EA8C-44AE-A290-CC44FF4F4E2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FA791E9-0DE0-47F1-BF6F-1A58AD76C4DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command."
    },
    {
      "lang": "es",
      "value": "service.exe de Measuresoft ScadaPro 4.0.0 y versiones anteriores permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en un comando (1) BF, (2) OF, o (3) EF command."
    }
  ],
  "id": "CVE-2011-3495",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-09-16T17:26:14.683",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/8382"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-09-16 17:26
Modified
2025-04-11 00:51
Severity ?
Summary
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method.
References
cve@mitre.orghttp://aluigi.altervista.org/adv/scadapro_1-adv.txtExploit
cve@mitre.orghttp://securityreason.com/securityalert/8382
cve@mitre.orghttp://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdfUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://aluigi.altervista.org/adv/scadapro_1-adv.txtExploit
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/8382
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdfUS Government Resource
Impacted products
Vendor Product Version
measuresoft scadapro *
measuresoft scadapro 2.1
measuresoft scadapro 2.2
measuresoft scadapro 2.3
measuresoft scadapro 2.4
measuresoft scadapro 2.4.1
measuresoft scadapro 2.4.2
measuresoft scadapro 2.4.3
measuresoft scadapro 2.4.4
measuresoft scadapro 2.4.5
measuresoft scadapro 2.4.6
measuresoft scadapro 2.5
measuresoft scadapro 2.5.1
measuresoft scadapro 2.5.2
measuresoft scadapro 2.5.3
measuresoft scadapro 2.5.4
measuresoft scadapro 2.5.5
measuresoft scadapro 2.6.0
measuresoft scadapro 2.7.0
measuresoft scadapro 2.7.1
measuresoft scadapro 2.7.2
measuresoft scadapro 2.8.0
measuresoft scadapro 2.9.0
measuresoft scadapro 3.1.0
measuresoft scadapro 3.2.8
measuresoft scadapro 3.2.9
measuresoft scadapro 3.3.0
measuresoft scadapro 3.3.1
measuresoft scadapro 3.3.2
measuresoft scadapro 3.9.0
measuresoft scadapro 3.9.1
measuresoft scadapro 3.9.2
measuresoft scadapro 3.9.3
measuresoft scadapro 3.9.4
measuresoft scadapro 3.9.5
measuresoft scadapro 3.9.6
measuresoft scadapro 3.9.7
measuresoft scadapro 3.9.8
measuresoft scadapro 3.9.9
measuresoft scadapro 3.9.10
measuresoft scadapro 3.9.11
measuresoft scadapro 3.9.12
measuresoft scadapro 3.9.13
measuresoft scadapro 3.9.14
measuresoft scadapro 3.9.15


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBFF5B3D-DABA-4E92-AC69-9998F288AA2B",
              "versionEndIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74F85C2D-3377-4B8C-AF4B-FD01B0083794",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3D0C2F7-8054-4EA7-A693-137A17659C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86A0AD83-C41A-40F2-95BA-F3CEB36FF94D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "597AFF74-46ED-4D6F-8BCE-504C74FBBEF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1F33262-DE1E-4B8F-AFB9-F7BC299EAFF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EEDC896-7F2A-40E7-ACCE-9C980F94E6FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD97BE73-E811-4781-BFCE-5E9152E3BB36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7778862C-7D8C-4526-BDA4-C250F9D429BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F86E1457-0402-4D0E-8987-2EE76D7433CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA5165C7-A10F-4031-8BE3-AF498670C2CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1994D66-D899-43B2-BA68-227D00B393DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC28F1F0-DB4D-4F18-8C35-2A02CE0EC62F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "651948B3-3E2A-40E3-9DAB-632D1B2F6B04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B94500F-3900-4B2B-B5D8-6717F53D8E1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93F4124D-9FD8-4AE0-8CA7-3C6221793EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6E993F5-FA92-40E1-80F3-55D5C9997764",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "385F7BD9-3673-468A-B763-589DA146FCBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABFE8459-F14D-47F0-837F-43DF6C135A3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "02306481-E4AF-426E-9CD1-8AF9AEFCF83B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0616A546-65FD-4031-867F-A563A713EC41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "862D8D68-F1E8-4296-B4A9-69BE4DCFD30E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:2.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "74ADC027-F5E4-4333-9F8D-D78995ED29A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E84AEE-31D9-4C24-B43A-842F3797214A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9481EED9-65E7-4526-BA63-157754F573EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A24F0D39-69D7-4551-8224-409EE89A9D24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F04369CC-50E5-4ADC-BA6E-9A6691DF4FA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3219CBC3-5FB0-4F7C-B85E-81E08681B6EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "93369CE3-F5B5-4646-90B3-8CD153B0F4D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7CF4079-FFB3-4014-8782-E6606AAB659F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "763F55F8-4249-4872-856B-CF5A975345B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3405AE26-4017-4B6F-9B55-A295CE748617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "825EAF60-1956-41C9-986E-381B2835040D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3932E319-BCFA-4D52-97CA-02994762169C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B02AA7-2DB9-41D3-BE91-CC8763875512",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDA1B435-B62C-4033-A5A2-1E602E1505C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3503871F-01AC-43F8-A062-E7989504B9F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "49B77571-7906-4448-AB5D-12BBF1CB9A65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3B62A37-8C25-45F8-BB2F-8E7408482113",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A88F29C4-1569-4DE2-99D6-B432CCBFBC56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "82B5B15E-C98D-43B6-BB34-D8FF2A2AC734",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "03951392-1524-468D-9E1F-0EC0A766EA8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B17D19A-383D-482B-B2B4-4377028234EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A82A50-EA8C-44AE-A290-CC44FF4F4E2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FA791E9-0DE0-47F1-BF6F-1A58AD76C4DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method."
    },
    {
      "lang": "es",
      "value": "service.exe de Measuresoft ScadaPro 4.0.0 y versiones anteriores permite a atacantes remotos ejecutar funciones DLL arbitrarias a trav\u00e9s de una funci\u00f3n XF, posiblemente relacionado con una m\u00e9todo inseguro expuesto."
    }
  ],
  "id": "CVE-2011-3497",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-09-16T17:26:14.777",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/8382"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}