PT-2022-4637 · Measuresoft · Measuresoft Scadapro Server +1

Andrea Micalizzi +3 · Published 2022-08-23 · Updated 2022-09-02 · CVE-2022-2898

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Measuresoft ScadaPro Server and Client (All Versions)

Description: The issue is related to the incorrect resolution of links before file access in the Measuresoft ScadaPro Server and Client. This could potentially allow a remote attacker to elevate their privileges or cause a denial-of-service condition.

Recommendations: For all versions, consider restricting access to the file system to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Link Following

Related Identifiers

BDU:2022-05521
CVE-2022-2898
ZDI-22-1131
ZDI-22-1132

Affected Products

Measuresoft Scadapro Client
Measuresoft Scadapro Server