CVE-2011-3495

Measuresoft ScadaPro <4.0.0 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-3495.

AI-analyzed exploit summary This is a detailed technical analysis of multiple vulnerabilities in Measuresoft ScadaPro, including arbitrary command execution, directory traversal, and stack overflow vulnerabilities. The writeup includes disassembly snippets, opcode analysis, and proof-of-concept examples for exploitation.

Description

Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command.

Exploits (1)

exploitdb WRITEUP
doswindows
https://www.exploit-db.com/exploits/17844

This is a detailed technical analysis of multiple vulnerabilities in Measuresoft ScadaPro, including arbitrary command execution, directory traversal, and stack overflow vulnerabilities. The writeup includes disassembly snippets, opcode analysis, and proof-of-concept examples for exploitation.

Classification
Writeup 100%
Attack Type
Rce | Dos | Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Measuresoft ScadaPro <= 4.0.0
No auth needed
Prerequisites: Network access to port 11234
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8382

Scores

EPSS 0.1080
EPSS Percentile 95.3%

Details

CWE
CWE-22
Status published
Products (45)
measuresoft/scadapro 2.1
measuresoft/scadapro 2.2
measuresoft/scadapro 2.3
measuresoft/scadapro 2.4
measuresoft/scadapro 2.4.1
measuresoft/scadapro 2.4.2
measuresoft/scadapro 2.4.3
measuresoft/scadapro 2.4.4
measuresoft/scadapro 2.4.5
measuresoft/scadapro 2.4.6
... and 35 more
Published Sep 16, 2011
Tracked Since Feb 18, 2026