ID

VAR-201109-0188


CVE

CVE-2011-3495


TITLE

Directory traversal vulnerability in service.exe of Measuresoft ScadaPro

Trust: 0.8

sources: JVNDB: JVNDB-2011-002233

DESCRIPTION

Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command. Service.exe has multiple boundary errors when processing messages, and sending a specially crafted command to TCP port 11234 can trigger a stack-based buffer overflow. Measuresoft ScadaPro provides integrated data phone, monitoring, logging, report generation and more. The "xF" command can be used to call any function in any DLL, such as executing an application via the "system()" function in msvcrt.dll. Sending a special "RF" command to TCP port 11234 returns arbitrary file content. Failed attempts will likely cause denial-of-service conditions.

Trust: 4.77

sources: NVD: CVE-2011-3495 // JVNDB: JVNDB-2011-002233 // CNVD: CNVD-2011-3670 // CNVD: CNVD-2011-3674 // CNVD: CNVD-2011-3676 // CNVD: CNVD-2011-3675 // CNVD: CNVD-2011-3673 // BID: 49613 // IVD: a471ceca-2354-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 3.2

sources: IVD: a471ceca-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3670 // CNVD: CNVD-2011-3674 // CNVD: CNVD-2011-3676 // CNVD: CNVD-2011-3675 // CNVD: CNVD-2011-3673

AFFECTED PRODUCTS

vendor: easuresoft, model: scadapro, scope: eq, version: 4.0.0.0

Trust: 3.0

vendor: measuresoft, model: scadapro, scope: lte, version: 4.0.0

Trust: 1.8

vendor: measuresoft, model: scadapro, scope: eq, version: 3.9.11

Trust: 1.6

vendor: measuresoft, model: scadapro, scope: eq, version: 3.9.10

Trust: 1.6

vendor: measuresoft, model: scadapro, scope: eq, version: 3.9.13

Trust: 1.6

vendor: measuresoft, model: scadapro, scope: eq, version: 3.9.15

Trust: 1.6

vendor: measuresoft, model: scadapro, scope: eq, version: 3.9.12

Trust: 1.6

vendor: measuresoft, model: scadapro, scope: eq, version: 3.9.9

Trust: 1.6

vendor: measuresoft, model: scadapro, scope: eq, version: 3.9.6

Trust: 1.6

vendor: measuresoft, model: scadapro, scope: eq, version: 3.9.14

Trust: 1.6

vendor: measuresoft, model: scadapro, scope: eq, version: 3.9.8

Trust: 1.6

vendor: measuresoft, model: scadapro, scope: eq, version: 3.9.7

Trust: 1.6

vendor: measuresoft, model: scadapro, scope: eq, version: 3.9.4

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 2.4

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 2.6.0

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 3.2.8

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 3.9.1

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 3.9.3

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 2.4.2

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 2.5.2

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 2.5.5

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 2.7.0

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 2.5.4

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 2.5.1

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 3.9.0

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 3.9.5

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 2.5.3

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 2.4.1

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 2.7.1

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 2.4.4

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 2.4.5

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 2.8.0

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 2.9.0

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 2.5

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 3.3.2

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 3.2.9

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 3.9.2

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 2.3

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 2.4.3

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 3.3.1

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 3.1.0

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 2.2

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 2.7.2

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 2.4.6

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 3.3.0

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 2.1

Trust: 1.0

vendor: measuresoft, model: scadapro, scope: eq, version: 4.0

Trust: 0.3

vendor: measuresoft, model: scadapro, scope: eq, version: 0

Trust: 0.3

vendor: measuresoft, model: scadapro, scope: ne, version: 4.0.1

Trust: 0.3

vendor: scadapro, model: -, scope: eq, version: 2.1

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 2.2

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 2.3

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 2.4

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 2.4.1

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 2.4.2

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 2.4.3

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 2.4.4

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 2.4.5

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 2.4.6

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 2.5

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 2.5.1

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 2.5.2

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 2.5.3

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 2.5.4

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 2.5.5

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 2.6.0

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 2.7.0

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 2.7.1

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 2.7.2

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 2.8.0

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 2.9.0

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 3.1.0

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 3.2.8

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 3.2.9

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 3.3.0

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 3.3.1

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 3.3.2

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 3.9.0

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 3.9.1

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 3.9.2

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 3.9.3

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 3.9.4

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 3.9.5

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 3.9.6

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 3.9.7

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 3.9.8

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 3.9.9

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 3.9.10

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 3.9.11

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 3.9.12

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 3.9.13

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 3.9.14

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: 3.9.15

Trust: 0.2

vendor: scadapro, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: a471ceca-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3670 // CNVD: CNVD-2011-3674 // CNVD: CNVD-2011-3676 // CNVD: CNVD-2011-3675 // CNVD: CNVD-2011-3673 // BID: 49613 // JVNDB: JVNDB-2011-002233 // CNNVD: CNNVD-201109-268 // NVD: CVE-2011-3495

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-3495
value: HIGH

Trust: 1.0

NVD: CVE-2011-3495
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201109-268
value: CRITICAL

Trust: 0.6

IVD: a471ceca-2354-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2011-3495
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: a471ceca-2354-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: a471ceca-2354-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2011-002233 // CNNVD: CNNVD-201109-268 // NVD: CVE-2011-3495

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2011-002233 // NVD: CVE-2011-3495

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201109-268

TYPE

Path traversal

Trust: 0.8

sources: IVD: a471ceca-2354-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201109-268

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-002233

PATCH

title: scada-products, url: http://www.measuresoft.com/products/scada-products.aspx

Trust: 0.8

sources: JVNDB: JVNDB-2011-002233

EXTERNAL IDS

db: BID, id: 49613

Trust: 4.1

db: NVD, id: CVE-2011-3495

Trust: 2.9

db: ICS CERT ALERT, id: ICS-ALERT-11-256-04

Trust: 2.4

db: SREASON, id: 8382

Trust: 1.0

db: CNNVD, id: CNNVD-201109-268

Trust: 0.8

db: OSVDB, id: 75487

Trust: 0.8

db: OSVDB, id: 75489

Trust: 0.8

db: OSVDB, id: 75488

Trust: 0.8

db: JVNDB, id: JVNDB-2011-002233

Trust: 0.8

db: CNVD, id: CNVD-2011-3670

Trust: 0.6

db: CNVD, id: CNVD-2011-3674

Trust: 0.6

db: CNVD, id: CNVD-2011-3676

Trust: 0.6

db: CNVD, id: CNVD-2011-3675

Trust: 0.6

db: CNVD, id: CNVD-2011-3673

Trust: 0.6

db: ICS CERT, id: ICSA-11-263-01

Trust: 0.3

db: IVD, id: A471CECA-2354-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: a471ceca-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3670 // CNVD: CNVD-2011-3674 // CNVD: CNVD-2011-3676 // CNVD: CNVD-2011-3675 // CNVD: CNVD-2011-3673 // BID: 49613 // JVNDB: JVNDB-2011-002233 // CNNVD: CNNVD-201109-268 // NVD: CVE-2011-3495

REFERENCES

url:http://aluigi.altervista.org/adv/scadapro_1-adv.txthttp

Trust: 3.0

url:http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-04.pdf

Trust: 2.4

url:http://aluigi.altervista.org/adv/scadapro_1-adv.txt

Trust: 1.9

url:http://securityreason.com/securityalert/8382

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3495

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3495

Trust: 0.8

url:http://osvdb.org/75489

Trust: 0.8

url:http://osvdb.org/75487

Trust: 0.8

url:http://osvdb.org/75488

Trust: 0.8

url:http://www.securityfocus.com/bid/49613

Trust: 0.8

url:http://www.measuresoft.com/products/scada-products.aspx

Trust: 0.3

url:/archive/1/519637

Trust: 0.3

url:http://www.us-cert.gov/control_systems/pdf/icsa-11-263-01.pdf

Trust: 0.3

url:http://www.measuresoft.net/news/post/inaccurate-reports-of-measuresoft-scadapro-400-vulnerability.aspx

Trust: 0.3

sources: CNVD: CNVD-2011-3670 // CNVD: CNVD-2011-3674 // CNVD: CNVD-2011-3676 // CNVD: CNVD-2011-3675 // CNVD: CNVD-2011-3673 // BID: 49613 // JVNDB: JVNDB-2011-002233 // CNNVD: CNNVD-201109-268 // NVD: CVE-2011-3495

CREDITS

Luigi Auriemma

Trust: 0.3

sources: BID: 49613

SOURCES

db: IVD, id: a471ceca-2354-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2011-3670
db: CNVD, id: CNVD-2011-3674
db: CNVD, id: CNVD-2011-3676
db: CNVD, id: CNVD-2011-3675
db: CNVD, id: CNVD-2011-3673
db: BID, id: 49613
db: JVNDB, id: JVNDB-2011-002233
db: CNNVD, id: CNNVD-201109-268
db: NVD, id: CVE-2011-3495

LAST UPDATE DATE

2024-08-14T14:52:48.810000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2011-3670, date: 2011-09-15T00:00:00
db: CNVD, id: CNVD-2011-3674, date: 2011-09-15T00:00:00
db: CNVD, id: CNVD-2011-3676, date: 2011-09-15T00:00:00
db: CNVD, id: CNVD-2011-3675, date: 2011-09-15T00:00:00
db: CNVD, id: CNVD-2011-3673, date: 2011-09-15T00:00:00
db: BID, id: 49613, date: 2011-09-20T21:30:00
db: JVNDB, id: JVNDB-2011-002233, date: 2011-09-26T00:00:00
db: CNNVD, id: CNNVD-201109-268, date: 2011-09-19T00:00:00
db: NVD, id: CVE-2011-3495, date: 2012-02-14T04:08:47.290

SOURCES RELEASE DATE

db: IVD, id: a471ceca-2354-11e6-abef-000c29c66e3d, date: 2011-09-19T00:00:00
db: CNVD, id: CNVD-2011-3670, date: 2011-09-15T00:00:00
db: CNVD, id: CNVD-2011-3674, date: 2011-09-15T00:00:00
db: CNVD, id: CNVD-2011-3676, date: 2011-09-15T00:00:00
db: CNVD, id: CNVD-2011-3675, date: 2011-09-15T00:00:00
db: CNVD, id: CNVD-2011-3673, date: 2011-09-15T00:00:00
db: BID, id: 49613, date: 2011-09-13T00:00:00
db: JVNDB, id: JVNDB-2011-002233, date: 2011-09-26T00:00:00
db: CNNVD, id: CNNVD-201109-268, date: 2011-09-19T00:00:00
db: NVD, id: CVE-2011-3495, date: 2011-09-16T17:26:14.683