CVE-2011-3490

EPSS 36.4%

Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command.

Affected products

n/a · n/a

public PoCs found — 3

cve_referencewww.exploit-db.com/exploits/17848unverified exploitdbwww.exploit-db.com/exploits/17844unverified exploitdbwww.exploit-db.com/exploits/17848unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://aluigi.altervista.org/adv/scadapro_1-adv.txt http://securityreason.com/securityalert/8382 http://www.exploit-db.com/exploits/17848 http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf