Measuresoft ScadaPro Multiple Security Vulnerabilities Network Vulnerability

Summary

The host is running Measuresoft ScadaPro SCADA Server and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow remote attackers to read, modify, or delete arbitrary files and possibly execute arbitrary code. Impact Level: System/Application

Solution

Upgrade to Measuresoft ScadaPro 4.0.1 or later, http://www.measuresoft.com/products/scadapro-server/scada-server.aspx

Insight

Multiple boundary errors within service.exe when processing certain packets.

Affected

Measuresoft ScadaPro 4.0.0 and prior

References

http://aluigi.altervista.org/adv/scadapro_1-adv.txt
http://secunia.com/advisories/45973
http://www.exploit-db.com/exploits/17848
http://www.measuresoft.net/news/post/Reports-of-Measuresoft-ScadaPro-400-Vulnerability-when-Windows-Firewall-is-switched-Off.aspx
http://www.osvdb.org/75487
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf
http://www.us-cert.gov/control_systems/pdf/ICSA-11-263-01.pdf

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3490, CVE-2011-3495, CVE-2011-3496, CVE-2011-3497

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Air Code Execution and DoS Vulnerabilities (Windows)
Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Windows)
Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Linux)
Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Windows)
Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Windows)

Take action and discover your vulnerabilities