CVE-2011-3497

Measuresoft ScadaPro <4.0.0 - RCE

Title source: llm

Description

service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method.

Exploits (2)

exploitdb WORKING POC

by Luigi Auriemma · textdoswindows

https://www.exploit-db.com/exploits/17844

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Luigi Auriemma · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/scada/scadapro_cmdexe.rb

View Code ZIP pw:eip

References (3)

[Exploit] http://aluigi.altervista.org/adv/scadapro_1-adv.txt

[US Government Resource] http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf

[Third Party Advisory] http://securityreason.com/securityalert/8382

Scores

EPSS 0.7231

EPSS Percentile 98.8%

Details

CWE

CWE-200

Status published

Products (45)

measuresoft/scadapro 2.1

measuresoft/scadapro 2.2

measuresoft/scadapro 2.3

measuresoft/scadapro 2.4

measuresoft/scadapro 2.4.1

measuresoft/scadapro 2.4.2

measuresoft/scadapro 2.4.3

measuresoft/scadapro 2.4.4

measuresoft/scadapro 2.4.5

measuresoft/scadapro 2.4.6

... and 35 more

Published Sep 16, 2011

Tracked Since Feb 18, 2026