MidnightBSD

Advisories for measuresoft

CVE-2011-3490 HIGH

Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
measuresoft scadapro 2.7.1
measuresoft scadapro 3.9.1
measuresoft scadapro 2.4.4
measuresoft scadapro 2.4
measuresoft scadapro 2.4.3
measuresoft scadapro 3.9.13
measuresoft scadapro 3.9.15
measuresoft scadapro 2.5
measuresoft scadapro 3.3.0
measuresoft scadapro 3.2.9
measuresoft scadapro 2.5.5
measuresoft scadapro 3.9.3
measuresoft scadapro 2.5.2
measuresoft scadapro 3.9.4
measuresoft scadapro 2.5.3
measuresoft scadapro 2.5.4
measuresoft scadapro 3.3.1
measuresoft scadapro *
measuresoft scadapro 2.4.2
measuresoft scadapro 3.2.8
measuresoft scadapro 2.6.0
measuresoft scadapro 3.3.2
measuresoft scadapro 2.5.1
measuresoft scadapro 2.2
measuresoft scadapro 3.9.7
measuresoft scadapro 3.9.10
measuresoft scadapro 2.3
measuresoft scadapro 2.4.5
measuresoft scadapro 2.4.6
measuresoft scadapro 3.9.8
measuresoft scadapro 2.1
measuresoft scadapro 2.7.0
measuresoft scadapro 3.9.12
measuresoft scadapro 2.9.0
measuresoft scadapro 3.9.0
measuresoft scadapro 3.1.0
measuresoft scadapro 2.8.0
measuresoft scadapro 3.9.2
measuresoft scadapro 3.9.9
measuresoft scadapro 3.9.11
measuresoft scadapro 3.9.5
measuresoft scadapro 2.4.1
measuresoft scadapro 2.7.2
measuresoft scadapro 3.9.6
measuresoft scadapro 3.9.14
CVE-2011-3495 HIGH

Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
measuresoft scadapro 2.7.1
measuresoft scadapro 3.9.1
measuresoft scadapro 2.4.4
measuresoft scadapro 2.4
measuresoft scadapro 2.4.3
measuresoft scadapro 3.9.13
measuresoft scadapro 3.9.15
measuresoft scadapro 2.5
measuresoft scadapro 3.3.0
measuresoft scadapro 3.2.9
measuresoft scadapro 2.5.5
measuresoft scadapro 3.9.3
measuresoft scadapro 2.5.2
measuresoft scadapro 3.9.4
measuresoft scadapro 2.5.3
measuresoft scadapro 2.5.4
measuresoft scadapro 3.3.1
measuresoft scadapro *
measuresoft scadapro 2.4.2
measuresoft scadapro 3.2.8
measuresoft scadapro 2.6.0
measuresoft scadapro 3.3.2
measuresoft scadapro 2.5.1
measuresoft scadapro 2.2
measuresoft scadapro 3.9.7
measuresoft scadapro 3.9.10
measuresoft scadapro 2.3
measuresoft scadapro 2.4.5
measuresoft scadapro 2.4.6
measuresoft scadapro 3.9.8
measuresoft scadapro 2.1
measuresoft scadapro 2.7.0
measuresoft scadapro 3.9.12
measuresoft scadapro 2.9.0
measuresoft scadapro 3.9.0
measuresoft scadapro 3.1.0
measuresoft scadapro 2.8.0
measuresoft scadapro 3.9.2
measuresoft scadapro 3.9.9
measuresoft scadapro 3.9.11
measuresoft scadapro 3.9.5
measuresoft scadapro 2.4.1
measuresoft scadapro 2.7.2
measuresoft scadapro 3.9.6
measuresoft scadapro 3.9.14
CVE-2011-3496 HIGH

service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
measuresoft scadapro 2.7.1
measuresoft scadapro 3.9.1
measuresoft scadapro 2.4.4
measuresoft scadapro 2.4
measuresoft scadapro 2.4.3
measuresoft scadapro 3.9.13
measuresoft scadapro 3.9.15
measuresoft scadapro 2.5
measuresoft scadapro 3.3.0
measuresoft scadapro 3.2.9
measuresoft scadapro 2.5.5
measuresoft scadapro 3.9.3
measuresoft scadapro 2.5.2
measuresoft scadapro 3.9.4
measuresoft scadapro 2.5.3
measuresoft scadapro 2.5.4
measuresoft scadapro 3.3.1
measuresoft scadapro *
measuresoft scadapro 2.4.2
measuresoft scadapro 3.2.8
measuresoft scadapro 2.6.0
measuresoft scadapro 3.3.2
measuresoft scadapro 2.5.1
measuresoft scadapro 2.2
measuresoft scadapro 3.9.7
measuresoft scadapro 3.9.10
measuresoft scadapro 2.3
measuresoft scadapro 2.4.5
measuresoft scadapro 2.4.6
measuresoft scadapro 3.9.8
measuresoft scadapro 2.1
measuresoft scadapro 2.7.0
measuresoft scadapro 3.9.12
measuresoft scadapro 2.9.0
measuresoft scadapro 3.9.0
measuresoft scadapro 3.1.0
measuresoft scadapro 2.8.0
measuresoft scadapro 3.9.2
measuresoft scadapro 3.9.9
measuresoft scadapro 3.9.11
measuresoft scadapro 3.9.5
measuresoft scadapro 2.4.1
measuresoft scadapro 2.7.2
measuresoft scadapro 3.9.6
measuresoft scadapro 3.9.14
CVE-2011-3497 HIGH

service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,

Products Affected

Vendor Product Version
measuresoft scadapro 2.7.1
measuresoft scadapro 3.9.1
measuresoft scadapro 2.4.4
measuresoft scadapro 2.4
measuresoft scadapro 2.4.3
measuresoft scadapro 3.9.13
measuresoft scadapro 3.9.15
measuresoft scadapro 2.5
measuresoft scadapro 3.3.0
measuresoft scadapro 3.2.9
measuresoft scadapro 2.5.5
measuresoft scadapro 3.9.3
measuresoft scadapro 2.5.2
measuresoft scadapro 3.9.4
measuresoft scadapro 2.5.3
measuresoft scadapro 2.5.4
measuresoft scadapro 3.3.1
measuresoft scadapro *
measuresoft scadapro 2.4.2
measuresoft scadapro 3.2.8
measuresoft scadapro 2.6.0
measuresoft scadapro 3.3.2
measuresoft scadapro 2.5.1
measuresoft scadapro 2.2
measuresoft scadapro 3.9.7
measuresoft scadapro 3.9.10
measuresoft scadapro 2.3
measuresoft scadapro 2.4.5
measuresoft scadapro 2.4.6
measuresoft scadapro 3.9.8
measuresoft scadapro 2.1
measuresoft scadapro 2.7.0
measuresoft scadapro 3.9.12
measuresoft scadapro 2.9.0
measuresoft scadapro 3.9.0
measuresoft scadapro 3.1.0
measuresoft scadapro 2.8.0
measuresoft scadapro 3.9.2
measuresoft scadapro 3.9.9
measuresoft scadapro 3.9.11
measuresoft scadapro 3.9.5
measuresoft scadapro 2.4.1
measuresoft scadapro 2.7.2
measuresoft scadapro 3.9.6
measuresoft scadapro 3.9.14
CVE-2012-1824 HIGH

Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
measuresoft scadapro_server *
measuresoft scadapro_client *
CVE-2022-2892

Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
ics-cert@hq.dhs.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
measuresoft scadapro_server *
CVE-2022-2894

Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer deference instances while processing a specific project file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
measuresoft scadapro_server *
CVE-2022-2895

Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
ics-cert@hq.dhs.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
measuresoft scadapro_server *
CVE-2022-2896

Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
measuresoft scadapro_server *
CVE-2022-2897

Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation..

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
measuresoft scadapro_server *
measuresoft scadapro_client *
CVE-2022-2898

Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 1.8 4.2
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
measuresoft scadapro_server *
measuresoft scadapro_client *
CVE-2022-3263

The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
ics-cert@hq.dhs.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
measuresoft scadapro_server 6.7
CVE-2024-3746

The entire parent directory - C:\ScadaPro and its sub-directories and files are configured by default to allow user, including unprivileged users, to write or overwrite files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

Products Affected

Vendor Product Version
measuresoft scadapro_server 6.9.0.0