CVE-2011-3490

Name of the Vulnerable Software and Affected Versions Measuresoft ScadaPro versions 4.0.0 and earlier

Description The issue is related to multiple stack-based buffer overflows in service.exe, allowing remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234. This can be achieved by sending a specific command, such as the TF command, to the affected service.

Recommendations For Measuresoft ScadaPro versions 4.0.0 and earlier, consider restricting access to port 11234 to minimize the risk of exploitation. As a temporary workaround, limit the length of commands accepted by the service.exe to prevent buffer overflows. At the moment, there is no information about a newer version that contains a fix for this vulnerability.