Details of VAR-201109-0168

ID

VAR-201109-0168

CVE

CVE-2011-3496

TITLE

Measuresoft ScadaPro service.exe Input validation vulnerability

Trust: 0.8

sources: IVD: a45c75f2-2354-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201109-269

DESCRIPTION

service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command. Service.exe has multiple boundary errors when processing messages, and sending a specially crafted command to TCP port 11234 can trigger a stack-based buffer overflow. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. Measuresoft ScadaPro has a security vulnerability. The \"xF\" command can be used to call any function in any DLL, such as executing the application via the \"system()\" function in msvcrt.dll. Measuresoft ScadaPro has a security vulnerability and sends a special \"RF\" command to TCP port 11234 to get arbitrary file content. Exploiting these issues could allow remote attackers to perform unauthorized actions using directory traversal strings or to execute arbitrary code or commands within the context of the affected application. Failed attempts will likely cause denial-of-service conditions

Trust: 4.77

sources: NVD: CVE-2011-3496 // JVNDB: JVNDB-2011-002235 // CNVD: CNVD-2011-3670 // CNVD: CNVD-2011-3674 // CNVD: CNVD-2011-3676 // CNVD: CNVD-2011-3675 // CNVD: CNVD-2011-3673 // BID: 49613 // IVD: a45c75f2-2354-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 3.2

sources: IVD: a45c75f2-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3670 // CNVD: CNVD-2011-3674 // CNVD: CNVD-2011-3676 // CNVD: CNVD-2011-3675 // CNVD: CNVD-2011-3673

AFFECTED PRODUCTS

vendor:	easuresoft	model:	scadapro	scope:	eq	version:	4.0.0.0	Trust: 3.0
vendor:	measuresoft	model:	scadapro	scope:	lte	version:	4.0.0	Trust: 1.8
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	3.9.11	Trust: 1.6
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	3.9.10	Trust: 1.6
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	3.9.13	Trust: 1.6
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	3.9.15	Trust: 1.6
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	3.9.12	Trust: 1.6
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	3.9.9	Trust: 1.6
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	3.9.6	Trust: 1.6
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	3.9.14	Trust: 1.6
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	3.9.8	Trust: 1.6
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	3.9.7	Trust: 1.6
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	3.9.4	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	2.4	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	2.6.0	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	3.2.8	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	3.9.1	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	3.9.3	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	2.4.2	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	2.5.2	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	2.5.5	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	2.7.0	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	2.5.4	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	2.5.1	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	3.9.0	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	3.9.5	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	2.5.3	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	2.4.1	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	2.7.1	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	2.4.4	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	2.4.5	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	2.8.0	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	2.9.0	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	2.5	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	3.3.2	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	3.2.9	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	3.9.2	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	2.3	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	2.4.3	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	3.3.1	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	3.1.0	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	2.2	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	2.7.2	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	2.4.6	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	3.3.0	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	2.1	Trust: 1.0
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	4.0	Trust: 0.3
vendor:	measuresoft	model:	scadapro	scope:	eq	version:	0	Trust: 0.3
vendor:	measuresoft	model:	scadapro	scope:	ne	version:	4.0.1	Trust: 0.3
vendor:	scadapro	model:	-	scope:	eq	version:	2.1	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	2.2	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	2.3	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	2.4	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	2.4.1	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	2.4.2	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	2.4.3	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	2.4.4	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	2.4.5	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	2.4.6	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	2.5	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	2.5.1	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	2.5.2	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	2.5.3	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	2.5.4	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	2.5.5	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	2.6.0	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	2.7.0	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	2.7.1	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	2.7.2	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	2.8.0	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	2.9.0	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	3.1.0	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	3.2.8	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	3.2.9	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	3.3.0	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	3.3.1	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	3.3.2	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	3.9.0	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	3.9.1	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	3.9.2	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	3.9.3	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	3.9.4	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	3.9.5	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	3.9.6	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	3.9.7	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	3.9.8	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	3.9.9	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	3.9.10	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	3.9.11	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	3.9.12	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	3.9.13	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	3.9.14	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	3.9.15	Trust: 0.2
vendor:	scadapro	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: a45c75f2-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3670 // CNVD: CNVD-2011-3674 // CNVD: CNVD-2011-3676 // CNVD: CNVD-2011-3675 // CNVD: CNVD-2011-3673 // BID: 49613 // JVNDB: JVNDB-2011-002235 // CNNVD: CNNVD-201109-269 // NVD: CVE-2011-3496

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-3496
value:	HIGH
Trust: 1.0
NVD:	CVE-2011-3496
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201109-269
value:	CRITICAL
Trust: 0.6
IVD:	a45c75f2-2354-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2

nvd@nist.gov:	CVE-2011-3496
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	a45c75f2-2354-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: a45c75f2-2354-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2011-002235 // CNNVD: CNNVD-201109-269 // NVD: CVE-2011-3496

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2011-002235 // NVD: CVE-2011-3496

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201109-269

TYPE

Input validation

Trust: 0.8

sources: IVD: a45c75f2-2354-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201109-269

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-002235

PATCH

title:

scada-products

url:

http://www.measuresoft.com/products/scada-products.aspx

Trust: 0.8

sources: JVNDB: JVNDB-2011-002235

EXTERNAL IDS

db:	BID	id:	49613	Trust: 4.1
db:	NVD	id:	CVE-2011-3496	Trust: 2.9
db:	ICS CERT ALERT	id:	ICS-ALERT-11-256-04	Trust: 2.4
db:	EXPLOIT-DB	id:	17848	Trust: 1.6
db:	SREASON	id:	8382	Trust: 1.0
db:	CNNVD	id:	CNNVD-201109-269	Trust: 0.8
db:	OSVDB	id:	75571	Trust: 0.8
db:	JVNDB	id:	JVNDB-2011-002235	Trust: 0.8
db:	CNVD	id:	CNVD-2011-3670	Trust: 0.6
db:	CNVD	id:	CNVD-2011-3674	Trust: 0.6
db:	CNVD	id:	CNVD-2011-3676	Trust: 0.6
db:	CNVD	id:	CNVD-2011-3675	Trust: 0.6
db:	CNVD	id:	CNVD-2011-3673	Trust: 0.6
db:	ICS CERT	id:	ICSA-11-263-01	Trust: 0.3
db:	IVD	id:	A45C75F2-2354-11E6-ABEF-000C29C66E3D	Trust: 0.2

REFERENCES

url:	http://aluigi.altervista.org/adv/scadapro_1-adv.txthttp	Trust: 3.0
url:	http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-04.pdf	Trust: 2.4
url:	http://aluigi.altervista.org/adv/scadapro_1-adv.txt	Trust: 1.9
url:	http://www.exploit-db.com/exploits/17848	Trust: 1.6
url:	http://securityreason.com/securityalert/8382	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3496	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3496	Trust: 0.8
url:	http://osvdb.org/75571	Trust: 0.8
url:	http://www.securityfocus.com/bid/49613	Trust: 0.8
url:	http://www.measuresoft.com/products/scada-products.aspx	Trust: 0.3
url:	/archive/1/519637	Trust: 0.3
url:	http://www.us-cert.gov/control_systems/pdf/icsa-11-263-01.pdf	Trust: 0.3
url:	http://www.measuresoft.net/news/post/inaccurate-reports-of-measuresoft-scadapro-400-vulnerability.aspx	Trust: 0.3

sources: CNVD: CNVD-2011-3670 // CNVD: CNVD-2011-3674 // CNVD: CNVD-2011-3676 // CNVD: CNVD-2011-3675 // CNVD: CNVD-2011-3673 // BID: 49613 // JVNDB: JVNDB-2011-002235 // CNNVD: CNNVD-201109-269 // NVD: CVE-2011-3496

CREDITS

Luigi Auriemma

Trust: 0.3

sources: BID: 49613

SOURCES

db:	IVD	id:	a45c75f2-2354-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2011-3670
db:	CNVD	id:	CNVD-2011-3674
db:	CNVD	id:	CNVD-2011-3676
db:	CNVD	id:	CNVD-2011-3675
db:	CNVD	id:	CNVD-2011-3673
db:	BID	id:	49613
db:	JVNDB	id:	JVNDB-2011-002235
db:	CNNVD	id:	CNNVD-201109-269
db:	NVD	id:	CVE-2011-3496

LAST UPDATE DATE

2024-08-14T14:52:48.865000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-3670	date:	2011-09-15T00:00:00
db:	CNVD	id:	CNVD-2011-3674	date:	2011-09-15T00:00:00
db:	CNVD	id:	CNVD-2011-3676	date:	2011-09-15T00:00:00
db:	CNVD	id:	CNVD-2011-3675	date:	2011-09-15T00:00:00
db:	CNVD	id:	CNVD-2011-3673	date:	2011-09-15T00:00:00
db:	BID	id:	49613	date:	2011-09-20T21:30:00
db:	JVNDB	id:	JVNDB-2011-002235	date:	2011-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201109-269	date:	2011-09-19T00:00:00
db:	NVD	id:	CVE-2011-3496	date:	2012-02-14T04:08:47.447

SOURCES RELEASE DATE

db:	IVD	id:	a45c75f2-2354-11e6-abef-000c29c66e3d	date:	2011-09-19T00:00:00
db:	CNVD	id:	CNVD-2011-3670	date:	2011-09-15T00:00:00
db:	CNVD	id:	CNVD-2011-3674	date:	2011-09-15T00:00:00
db:	CNVD	id:	CNVD-2011-3676	date:	2011-09-15T00:00:00
db:	CNVD	id:	CNVD-2011-3675	date:	2011-09-15T00:00:00
db:	CNVD	id:	CNVD-2011-3673	date:	2011-09-15T00:00:00
db:	BID	id:	49613	date:	2011-09-13T00:00:00
db:	JVNDB	id:	JVNDB-2011-002235	date:	2011-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201109-269	date:	2011-09-19T00:00:00
db:	NVD	id:	CVE-2011-3496	date:	2011-09-16T17:26:14.747