Release Date: Oct 06, 2011
Severity: high
Impact: System Compromise: Remote attackers can gain control of vulnerable systems.
Description: This indicates an attack attempt against a remote Command Execution vulnerability in Measuresoft ScadaPro. A vulnerability has been reported in ScadaPro that may allow an attacker to execute arbitrary functions of a DLL on a vulnerable system. This is possible because the user input filters fail to properly sanitize the parameter value that is passed to the "XF" command.
Affected Products: Measuresoft ScadaPro 4.0.0 and earlier.
Recommended Actions: Currently we are not aware of any vendor-supplied patch for this issue.
Coverage: IPS, VCM
Common Vulnerabilities and Exposures (CVE): CVE-2011-3497, CVE-2011-3493, CVE-2011-3500, CVE-2011-3501, CVE-2011-3502
References:
http://aluigi.altervista.org/adv/scadapro_1-adv.txt
http://www.exploit-db.com/exploits/17848/
http://www.securityfocus.com/bid/49613 (BugTraq)
http://www.securityfocus.com/bid/49610 (BugTraq)
http://www.securityfocus.com/bid/49611 (BugTraq)