CVE-2011-3490

Measuresoft ScadaPro <4.0.0 - Buffer Overflow

Title source: llm

Description

Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/17848

View Code ZIP pw:eip

exploitdb WRITEUP

doswindows

https://www.exploit-db.com/exploits/17844

View Code ZIP pw:eip

References (4)

[Exploit] http://aluigi.altervista.org/adv/scadapro_1-adv.txt

[Exploit] http://www.exploit-db.com/exploits/17848

[US Government Resource] http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf

[Third Party Advisory] http://securityreason.com/securityalert/8382

Scores

EPSS 0.4057

EPSS Percentile 97.4%

Details

CWE

CWE-119

Status published

Products (45)

measuresoft/scadapro 2.1

measuresoft/scadapro 2.2

measuresoft/scadapro 2.3

measuresoft/scadapro 2.4

measuresoft/scadapro 2.4.1

measuresoft/scadapro 2.4.2

measuresoft/scadapro 2.4.3

measuresoft/scadapro 2.4.4

measuresoft/scadapro 2.4.5

measuresoft/scadapro 2.4.6

... and 35 more

Published Sep 16, 2011

Tracked Since Feb 18, 2026