Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3496

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2011-3496
Last Modified 13 Feb 2012 11:08:47
Published 16 Sep 2011 01:26:14
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-3496

Summary

service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.

Vulnerable Systems

Application

  • Measuresoft Scadapro 2.1

  • Measuresoft Scadapro 2.2

  • Measuresoft Scadapro 2.3

  • Measuresoft Scadapro 2.4

  • Measuresoft Scadapro 2.4.1

  • Measuresoft Scadapro 2.4.2

  • Measuresoft Scadapro 2.4.3

  • Measuresoft Scadapro 2.4.4

  • Measuresoft Scadapro 2.4.5

  • Measuresoft Scadapro 2.4.6

  • Measuresoft Scadapro 2.5

  • Measuresoft Scadapro 2.5.1

  • Measuresoft Scadapro 2.5.2

  • Measuresoft Scadapro 2.5.3

  • Measuresoft Scadapro 2.5.4

  • Measuresoft Scadapro 2.5.5

  • Measuresoft Scadapro 2.6.0

  • Measuresoft Scadapro 2.7.0

  • Measuresoft Scadapro 2.7.1

  • Measuresoft Scadapro 2.7.2

  • Measuresoft Scadapro 2.8.0

  • Measuresoft Scadapro 2.9.0

  • Measuresoft Scadapro 3.1.0

  • Measuresoft Scadapro 3.2.8

  • Measuresoft Scadapro 3.2.9

  • Measuresoft Scadapro 3.3.0

  • Measuresoft Scadapro 3.3.1

  • Measuresoft Scadapro 3.3.2

  • Measuresoft Scadapro 3.9.0

  • Measuresoft Scadapro 3.9.1

  • Measuresoft Scadapro 3.9.10

  • Measuresoft Scadapro 3.9.11

  • Measuresoft Scadapro 3.9.12

  • Measuresoft Scadapro 3.9.13

  • Measuresoft Scadapro 3.9.14

  • Measuresoft Scadapro 3.9.15

  • Measuresoft Scadapro 3.9.2

  • Measuresoft Scadapro 3.9.3

  • Measuresoft Scadapro 3.9.4

  • Measuresoft Scadapro 3.9.5

  • Measuresoft Scadapro 3.9.6

  • Measuresoft Scadapro 3.9.7

  • Measuresoft Scadapro 3.9.8

  • Measuresoft Scadapro 3.9.9

  • Measuresoft Scadapro 4.0.0


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf

EXPLOIT-DB - 17848

MISC - http://aluigi.altervista.org/adv/scadapro_1-adv.txt

SREASON - 8382


Last Updated: 27 May 2016 10:57:25