Signature Detail
Short Name |
SCADA:MEASURESOFT-SCADAPRO-RCE |
|---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
SCADA |
Keywords |
Measuresoft ScadaPro Service Remote Code Execution |
Release Date |
2012/11/14 |
Update Number |
2203 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SCADA: Measuresoft ScadaPro Service Remote Code Execution
This signature detects attempts to exploit a known flaw in Measuresoft ScadaPro. Versions 4.0.0 and earlier are vulnerable to several different buffer overflows and input sanitation attacks. A successful attack could result in arbitrary code execution, information disclosure, or a denial of service (DoS) of the targeted device.
Extended Description
Measuresoft ScadaPro is prone to multiple security vulnerabilities. Exploiting these issues could allow remote attackers to perform unauthorized actions using directory traversal strings or to execute arbitrary code or commands within the context of the affected application. Failed attempts will likely cause denial-of-service conditions.
Affected Products
- Measuresoft ScadaPro 4.0.0
- Measuresoft ScadaPro
References
- BugTraq: 49613
- CVE: CVE-2011-3490
- URL: http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf