CVE-2011-3495

Measuresoft ScadaPro <4.0.0 - Path Traversal

Title source: llm

Description

Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command.

Exploits (1)

exploitdb WRITEUP

doswindows

https://www.exploit-db.com/exploits/17844

View Code ZIP pw:eip

References (3)

[Exploit] http://aluigi.altervista.org/adv/scadapro_1-adv.txt

[US Government Resource] http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf

[Third Party Advisory] http://securityreason.com/securityalert/8382

Scores

EPSS 0.0599

EPSS Percentile 90.7%

Details

CWE

CWE-22

Status published

Products (45)

measuresoft/scadapro 2.1

measuresoft/scadapro 2.2

measuresoft/scadapro 2.3

measuresoft/scadapro 2.4

measuresoft/scadapro 2.4.1

measuresoft/scadapro 2.4.2

measuresoft/scadapro 2.4.3

measuresoft/scadapro 2.4.4

measuresoft/scadapro 2.4.5

measuresoft/scadapro 2.4.6

... and 35 more

Published Sep 16, 2011

Tracked Since Feb 18, 2026