Vulnerabilities > Measuresoft > Scadapro > 2.5.2

DATE CVE VULNERABILITY TITLE RISK
2011-09-16 CVE-2011-3497 Information Exposure vulnerability in Measuresoft Scadapro
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method.
network
low complexity
measuresoft CWE-200
critical
10.0
2011-09-16 CVE-2011-3496 Improper Input Validation vulnerability in Measuresoft Scadapro
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.
network
low complexity
measuresoft CWE-20
critical
10.0
2011-09-16 CVE-2011-3495 Path Traversal vulnerability in Measuresoft Scadapro
Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command.
network
low complexity
measuresoft CWE-22
critical
10.0
2011-09-16 CVE-2011-3490 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Measuresoft Scadapro
Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command.
network
low complexity
measuresoft CWE-119
critical
10.0