CVE-2011-3496

Measuresoft ScadaPro <4.0.0 - Command Injection

Title source: llm

Description

service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/17848

View Code ZIP pw:eip

exploitdb WRITEUP

doswindows

https://www.exploit-db.com/exploits/17844

View Code ZIP pw:eip

References (4)

[Exploit] http://aluigi.altervista.org/adv/scadapro_1-adv.txt

[Exploit] http://www.exploit-db.com/exploits/17848

[US Government Resource] http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf

[Third Party Advisory] http://securityreason.com/securityalert/8382

Scores

EPSS 0.1287

EPSS Percentile 94.1%

Details

CWE

CWE-20

Status published

Products (45)

measuresoft/scadapro 2.1

measuresoft/scadapro 2.2

measuresoft/scadapro 2.3

measuresoft/scadapro 2.4

measuresoft/scadapro 2.4.1

measuresoft/scadapro 2.4.2

measuresoft/scadapro 2.4.3

measuresoft/scadapro 2.4.4

measuresoft/scadapro 2.4.5

measuresoft/scadapro 2.4.6

... and 35 more

Published Sep 16, 2011

Tracked Since Feb 18, 2026