CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3263 – Measuresoft ScadaPro Server Improper Access Control
https://notcve.org/view.php?id=CVE-2022-3263
23 Sep 2022 — The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges. El descriptor de seguridad de Measuresoft ScadaPro Server versión 6.7, presenta permisos inconsistentes, lo que podría permitir a un usuario local privilegiado limitado modificar la ruta binaria del servicio e iniciar comandos maliciosos con privilegios SYSTEM. This vulner... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-265-01 • CWE-276: Incorrect Default Permissions CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2892 – Measuresoft ScadaPro Server Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2022-2892
23 Aug 2022 — Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file. Measuresoft ScadaPro Server (Versiones anteriores a 6.8.0.1) usa un control ActiveX no mantenido, que puede permitir una condición de escritura fuera de límites mientras es procesado un archivo de proyecto específico This vulnerability allows remote attackers to execute arbitrary code on affected installations of Measuresoft ... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-05 • CWE-787: Out-of-bounds Write •