CVE-2011-3496

Measuresoft ScadaPro <4.0.0 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-3496. PoCs published by Metasploit.

AI-analyzed exploit summary This Metasploit module exploits a directory traversal vulnerability in Measuresoft ScadaPro to execute arbitrary commands via the 'xf' command, leveraging msvcrt.dll to upload and execute a backdoor.

Description

service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/17848

This Metasploit module exploits a directory traversal vulnerability in Measuresoft ScadaPro to execute arbitrary commands via the 'xf' command, leveraging msvcrt.dll to upload and execute a backdoor.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Measuresoft ScadaPro <= 4.0.0
No auth needed
Prerequisites: Network access to the target system · ScadaPro service running on port 11234
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP
doswindows
https://www.exploit-db.com/exploits/17844

This is a detailed technical analysis of multiple vulnerabilities in Measuresoft ScadaPro, including arbitrary command execution, directory traversal, and stack overflow vulnerabilities. The writeup includes disassembly snippets, opcode analysis, and proof-of-concept references.

Classification
Writeup 95%
Attack Type
Rce | Info Leak | Dos
Complexity
Moderate
Reliability
Reliable
Target: Measuresoft ScadaPro <= 4.0.0
No auth needed
Prerequisites: Network access to port 11234
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8382
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/17848

Scores

EPSS 0.1437
EPSS Percentile 96.2%

Details

CWE
CWE-20
Status published
Products (45)
measuresoft/scadapro 2.1
measuresoft/scadapro 2.2
measuresoft/scadapro 2.3
measuresoft/scadapro 2.4
measuresoft/scadapro 2.4.1
measuresoft/scadapro 2.4.2
measuresoft/scadapro 2.4.3
measuresoft/scadapro 2.4.4
measuresoft/scadapro 2.4.5
measuresoft/scadapro 2.4.6
... and 35 more
Published Sep 16, 2011
Tracked Since Feb 18, 2026