Measuresoft ScadaPro Server DLL Code Execution Vulnerability Network Vulnerability

Summary

The host is installed with Measuresoft ScadaPro Server and is prone to code execution vulnerability.

Impact

Successful exploitation will allow attackers to execute arbitrary code on the system via a specially-crafted library. Impact Level: System/Application

Solution

Upgrade to version 4.0.0 or later, For updates refer to http://www.measuresoft.com/download/current_release.aspx

Insight

A flaw exists in the application, which does not directly specify the fully qualified path to a dynamic-linked library.

Affected

Measuresoft ScadaPro Server before 4.0.0

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://www.osvdb.com/82233
http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-01.pdf
http://xforce.iss.net/xforce/xfdb/75860

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-1824

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe AIR Multiple Vulnerabilities -01 Feb13 (Windows)
Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Mac OS X)
Adobe Air Multiple Vulnerabilities - November12 (Windows)

Take action and discover your vulnerabilities