CVSS: 10.0EPSS: 3%CPEs: 45EXPL: 2CVE-2011-3495 – Measuresoft ScadaPro 4.0.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-3495
Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command. service.exe de Measuresoft ScadaPro 4.0.0 y versiones anteriores permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en un comando (1) BF, (2) OF, o (3) EF command. • https://www.exploit-db.com/exploits/17844 http://aluigi.altervista.org/adv/scadapro_1-adv.txt http://securityreason.com/securityalert/8382 http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 10%CPEs: 45EXPL: 4CVE-2011-3496 – Measuresoft ScadaPro 4.0.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-3496
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command. service.exe de Measuresoft ScadaPro 4.0.0 y versiones anteriores permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en un comando (1) BF, (2) OF, o (3) EF command. • https://www.exploit-db.com/exploits/17844 https://www.exploit-db.com/exploits/17848 http://aluigi.altervista.org/adv/scadapro_1-adv.txt http://securityreason.com/securityalert/8382 http://www.exploit-db.com/exploits/17848 http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 6%CPEs: 45EXPL: 4CVE-2011-3490 – Measuresoft ScadaPro 4.0.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-3490
Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command. Múltiples desbordamiento de buffer de pila en service.exe de Measuresoft ScadaPro 4.0.0 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un comando extenso al puerto 11234, como se ha demostrado con el comando TF. • https://www.exploit-db.com/exploits/17844 https://www.exploit-db.com/exploits/17848 http://aluigi.altervista.org/adv/scadapro_1-adv.txt http://securityreason.com/securityalert/8382 http://www.exploit-db.com/exploits/17848 http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •