CVE-2011-3490 - Buffer Errors vulnerability in Measuresoft Scadapro

Publication

2011-09-16

Last modification

2012-02-14

Summary

Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command.

Description

Measuresoft ScadaPro is prone to multiple security vulnerabilities. Exploiting these issues could allow remote attackers to perform unauthorized actions using directory traversal strings or to execute arbitrary code or commands within the context of the affected application. Failed attempts will likely cause denial-of-service conditions.

Solution

The vendor released an update. Please contact the vendor for more information on how to obtain and apply this update.

Exploit

Exploit code is available. Please see the references for more information. The following Metasploit exploit module is available: /data/vulnerabilities/exploits/49613.rb

Classification

CWE-119 - Buffer Errors

Risk level (CVSS AV:N/AC:L/Au:N/C:C/I:C/A:C)

High

10.0

Access Vector

  • Network

Access Complexity

  • Low

Authentication

  • None

Confidentiality Impact

  • Complete

Integrity Impact

  • Complete

Affected Products

Vendor: Measuresoft
Product: Scadapro
Versions: 3.9.7, 2.7.2, 2.4.5, 2.6.0, 2.4.1, 2.9.0, 3.9.10, 3.2.9, 2.5, 2.2, 3.9.15, 2.8.0, 2.5.5, 3.9.0, 3.9.6, 3.9.5, 2.4, 2.7.1, 2.5.4, 2.7.0, 2.4.2, 3.3.1, 2.3, 3.3.0, 3.9.3, 3.9.8, 2.4.4, 3.9.4, 2.5.3, 3.9.11, 2.5.1, 3.9.9, 3.9.1, 2.4.3, 4.0.0, 2.1, 3.2.8, 3.9.2, 3.1.0, 3.9.14, 3.9.13, 3.3.2, 3.9.12, 2.4.6, 2.5.2