Rgod777

**Name of the Vulnerable Software and Affected Versions** Measuresoft ScadaPro Server version 6.7 **Description** The issue is related to improper access control in the security descriptor of the SCADA server, which could allow a local user with limited privileges to modify the service binary path. This could enable an attacker to execute arbitrary commands with system privileges. **Recommendations** For Measuresoft ScadaPro Server version 6.7, consider restricting access to the service binary path to prevent modification and limit the execution of malicious commands until a patch is available. As a temporary workaround, review and enforce strict access controls on the system to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Measuresoft ScadaPro Server (All Versions) **Description** The issue is related to the use of unmaintained ActiveX controls in Measuresoft ScadaPro Server, which may allow untrusted pointer deference instances while processing a specific project file. This could enable a remote attacker to execute arbitrary code. The exploitation of this issue is associated with the dereference of an untrusted pointer. **Recommendations** For all versions, consider disabling the use of ActiveX controls until a patch or update is available to mitigate the risk of exploitation. Restrict access to specific project files that may trigger the vulnerability to minimize the risk of remote code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Measuresoft ScadaPro Server (All Versions) **Description** The issue is related to the use of unmaintained ActiveX controls in Measuresoft ScadaPro Server, which may lead to two stack-based buffer overflow instances when processing a specific project file. This can allow a remote attacker to execute arbitrary code by exploiting the buffer overflow vulnerability. The vulnerability is associated with reading data beyond the buffer boundaries in memory. **Recommendations** For all versions of Measuresoft ScadaPro Server, consider disabling the use of ActiveX controls until a patch or update is available to mitigate the risk of exploitation. Restrict access to project files that could potentially trigger the buffer overflow to minimize the risk of remote code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Measuresoft ScadaPro Server (All Versions) **Description** The issue is related to a use-after-free condition when processing a specific project file, which can allow an attacker to execute arbitrary code remotely. This is associated with the improper use of memory after it has been freed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Measuresoft ScadaPro Server and Client (All Versions) **Description** The issue is related to the improper resolution of links before file access, which could allow privilege escalation. This could potentially be exploited by a remote attacker to elevate their privileges. **Recommendations** For all versions, consider restricting access to sensitive files and directories to minimize the risk of exploitation until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Measuresoft ScadaPro Server and Client (All Versions) **Description** The issue is related to the incorrect resolution of links before file access in the Measuresoft ScadaPro Server and Client. This could potentially allow a remote attacker to elevate their privileges or cause a denial-of-service condition. **Recommendations** For all versions, consider restricting access to the file system to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.