Measuresoft ScadaPro Multiple Vulnerabilities

September 13, 2011

Luigi Auriemma has publicly disclosed the following vulnerabilities pertaining to the Measuresoft ScadaPro application.

Measuresoft ScadaPro is prone to multiple security vulnerabilities.

Exploiting these issues could allow remote attackers to perform unauthorized actions using directory traversal strings or to execute arbitrary code or commands within the context of the affected application. Failed attempts will likely cause denial-of-service conditions.

ICS-CERT Advisories / Alerts

ICSA-11-263-01
ICS-ALERT-11-256-04

Vendor Website (includes Patches / Hotfixes)

Vendor Homepage
ScadaPro Server Product Info

Exploit Proof-of-Concept

Metasploit Framework (windows/scada/scadapro_cmdexe)
Exploit-DB ID 17848 (Metasploit Module)
Exploit-DB ID 17844
Additional PoC links available in Disclosure Reference by Luigi Auriemma

Common Vulnerability & Exposure (CVE) References

CVE-2011-3490
CVE-2011-3495
CVE-2011-3496
CVE-2011-3497

Additional Information

Disclosure (Luigi Auriemma)
Exploit-DB ID 17844
Exploit-DB ID 17848 (Metasploit Module)
Secunia Advisory #45973
Security Focus Vulnerability Info and Exploit Bugtraq ID 49613

SCADA Alert: Fixes in Works (ISSSource)
More SCADA Vulnerabilities Hit Industry (ISSSource)