CVE-2011-3490

Measuresoft ScadaPro <4.0.0 - Buffer Overflow

Title source: llm

Description

Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/17848

View Code ZIP pw:eip

exploitdb WRITEUP

doswindows

https://www.exploit-db.com/exploits/17844

View on exploitdb

References (4)

[Exploit] http://aluigi.altervista.org/adv/scadapro_1-adv.txt

[Exploit] http://www.exploit-db.com/exploits/17848

[US Government Resource] http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf

[Third Party Advisory] http://securityreason.com/securityalert/8382

Scores

EPSS 0.1994

EPSS Percentile 95.4%

Classification

CWE

CWE-119

Status draft

Affected Products (45)

measuresoft/scadapro < 4.0.0

measuresoft/scadapro

measuresoft/scadapro

measuresoft/scadapro

measuresoft/scadapro

measuresoft/scadapro

measuresoft/scadapro

measuresoft/scadapro

measuresoft/scadapro

measuresoft/scadapro

measuresoft/scadapro

measuresoft/scadapro

measuresoft/scadapro

measuresoft/scadapro

measuresoft/scadapro

... and 30 more

Timeline

Published Sep 16, 2011

Tracked Since Feb 18, 2026