PT-2022-4633 · Measuresoft · Measuresoft Scadapro Server

Andrea Micalizzi (+3)

Published: 2022-08-23 · Updated: 2022-09-02

CVE-2022-2894

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Measuresoft ScadaPro Server (All Versions)

Description: The issue stems from the use of unmaintained ActiveX controls in Measuresoft ScadaPro Server, which may allow an untrusted pointer dereference while processing a specific project file. A remote attacker could use this to execute arbitrary code. Exploitation of this issue relies on the dereference of an untrusted pointer.

Recommendations: For all versions, consider disabling the use of ActiveX controls until a patch or update is available, to reduce the risk of exploitation. Restrict access to the specific project files that may trigger the vulnerability to minimize the risk of remote code execution. At the time of writing, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Untrusted Pointer Dereference

Related Identifiers

BDU:2022-05517
CVE-2022-2894
ZDI-22-1134
ZDI-22-1135
ZDI-22-1136
ZDI-22-1137
ZDI-22-1138
ZDI-22-1139
ZDI-22-1140

Affected Products

Measuresoft Scadapro Server