PT-2011-4478 · Measuresoft · Scadapro
Luigi Auriemma
·
Publicado
2011-09-16
·
Atualizado
2012-02-14
·
CVE-2011-3497
CVSS v2.0
10
Alta
| Vetor | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Measuresoft ScadaPro versions 4.0.0 and earlier
Description
The issue allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method.
Recommendations
For versions 4.0.0 and earlier, consider disabling the XF function as a temporary workaround until a patch is available. Restrict access to the service.exe to minimize the risk of exploitation.
Exploit
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Scadapro