Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command.
References
Link | Resource |
---|---|
http://aluigi.altervista.org/adv/scadapro_1-adv.txt | Exploit |
http://www.exploit-db.com/exploits/17848 | Exploit |
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf | US Government Resource |
http://securityreason.com/securityalert/8382 |
Configurations
Configuration 1 (hide)
|
Information
Published : 2011-09-16 07:28
Updated : 2012-02-13 20:08
NVD link : CVE-2011-3490
Mitre link : CVE-2011-3490
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
measuresoft
- scadapro