PT-2022-4634 · Measuresoft · Measuresoft Scadapro Server
Andrea Micalizzi +3
Published 2022-08-23 · Updated 2022-09-02
CVE-2022-2895
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Measuresoft ScadaPro Server (All Versions)
Description
The issue stems from the use of unmaintained ActiveX controls in Measuresoft ScadaPro Server. When a specific project file is processed, two stack-based buffer overflows can occur in which data is read beyond the bounds of a buffer in memory. A remote attacker can exploit these overflows to execute arbitrary code.
Recommendations
For all versions of Measuresoft ScadaPro Server, consider disabling the use of ActiveX controls until a patch or update is available, to reduce the risk of exploitation. Restrict access to project files that could trigger the buffer overflows, to limit the opportunity for remote code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Stack Overflow
Related Identifiers
Affected Products
Measuresoft Scadapro Server