Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 10.0
CVE Id: CVE-2011-3490
Last Modified: 13 Feb 2012 11:08:46
Published: 16 Sep 2011 10:28:12
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-3490

Summary

Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command.

Vulnerable Systems

Application

  • Measuresoft Scadapro 2.1

  • Measuresoft Scadapro 2.2

  • Measuresoft Scadapro 2.3

  • Measuresoft Scadapro 2.4

  • Measuresoft Scadapro 2.4.1

  • Measuresoft Scadapro 2.4.2

  • Measuresoft Scadapro 2.4.3

  • Measuresoft Scadapro 2.4.4

  • Measuresoft Scadapro 2.4.5

  • Measuresoft Scadapro 2.4.6

  • Measuresoft Scadapro 2.5

  • Measuresoft Scadapro 2.5.1

  • Measuresoft Scadapro 2.5.2

  • Measuresoft Scadapro 2.5.3

  • Measuresoft Scadapro 2.5.4

  • Measuresoft Scadapro 2.5.5

  • Measuresoft Scadapro 2.6.0

  • Measuresoft Scadapro 2.7.0

  • Measuresoft Scadapro 2.7.1

  • Measuresoft Scadapro 2.7.2

  • Measuresoft Scadapro 2.8.0

  • Measuresoft Scadapro 2.9.0

  • Measuresoft Scadapro 3.1.0

  • Measuresoft Scadapro 3.2.8

  • Measuresoft Scadapro 3.2.9

  • Measuresoft Scadapro 3.3.0

  • Measuresoft Scadapro 3.3.1

  • Measuresoft Scadapro 3.3.2

  • Measuresoft Scadapro 3.9.0

  • Measuresoft Scadapro 3.9.1

  • Measuresoft Scadapro 3.9.10

  • Measuresoft Scadapro 3.9.11

  • Measuresoft Scadapro 3.9.12

  • Measuresoft Scadapro 3.9.13

  • Measuresoft Scadapro 3.9.14

  • Measuresoft Scadapro 3.9.15

  • Measuresoft Scadapro 3.9.2

  • Measuresoft Scadapro 3.9.3

  • Measuresoft Scadapro 3.9.4

  • Measuresoft Scadapro 3.9.5

  • Measuresoft Scadapro 3.9.6

  • Measuresoft Scadapro 3.9.7

  • Measuresoft Scadapro 3.9.8

  • Measuresoft Scadapro 3.9.9

  • Measuresoft Scadapro 4.0.0


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf

EXPLOIT-DB - 17848

MISC - http://aluigi.altervista.org/adv/scadapro_1-adv.txt

SREASON - 8382


Last Updated: 27 May 2016 10:57:25