CVE-2011-3496

Published Sep 16, 2011
Last updated a month ago
CVSS info 10.0
Overview

Description: service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.
Source: cve@mitre.org
NVD status: Deferred
Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C
Weaknesses

nvd@nist.gov: CWE-20
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBFF5B3D-DABA-4E92-AC69-9998F288AA2B",
            "versionEndIncluding": "4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74F85C2D-3377-4B8C-AF4B-FD01B0083794"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3D0C2F7-8054-4EA7-A693-137A17659C79"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86A0AD83-C41A-40F2-95BA-F3CEB36FF94D"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "597AFF74-46ED-4D6F-8BCE-504C74FBBEF6"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1F33262-DE1E-4B8F-AFB9-F7BC299EAFF9"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7EEDC896-7F2A-40E7-ACCE-9C980F94E6FD"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD97BE73-E811-4781-BFCE-5E9152E3BB36"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7778862C-7D8C-4526-BDA4-C250F9D429BE"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F86E1457-0402-4D0E-8987-2EE76D7433CB"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA5165C7-A10F-4031-8BE3-AF498670C2CE"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1994D66-D899-43B2-BA68-227D00B393DC"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC28F1F0-DB4D-4F18-8C35-2A02CE0EC62F"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "651948B3-3E2A-40E3-9DAB-632D1B2F6B04"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B94500F-3900-4B2B-B5D8-6717F53D8E1D"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93F4124D-9FD8-4AE0-8CA7-3C6221793EDE"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6E993F5-FA92-40E1-80F3-55D5C9997764"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:2.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "385F7BD9-3673-468A-B763-589DA146FCBF"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABFE8459-F14D-47F0-837F-43DF6C135A3B"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02306481-E4AF-426E-9CD1-8AF9AEFCF83B"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0616A546-65FD-4031-867F-A563A713EC41"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:2.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "862D8D68-F1E8-4296-B4A9-69BE4DCFD30E"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:2.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74ADC027-F5E4-4333-9F8D-D78995ED29A2"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:3.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78E84AEE-31D9-4C24-B43A-842F3797214A"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:3.2.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9481EED9-65E7-4526-BA63-157754F573EB"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:3.2.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A24F0D39-69D7-4551-8224-409EE89A9D24"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F04369CC-50E5-4ADC-BA6E-9A6691DF4FA2"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3219CBC3-5FB0-4F7C-B85E-81E08681B6EB"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93369CE3-F5B5-4646-90B3-8CD153B0F4D4"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7CF4079-FFB3-4014-8782-E6606AAB659F"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "763F55F8-4249-4872-856B-CF5A975345B0"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3405AE26-4017-4B6F-9B55-A295CE748617"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "825EAF60-1956-41C9-986E-381B2835040D"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3932E319-BCFA-4D52-97CA-02994762169C"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58B02AA7-2DB9-41D3-BE91-CC8763875512"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDA1B435-B62C-4033-A5A2-1E602E1505C4"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3503871F-01AC-43F8-A062-E7989504B9F0"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49B77571-7906-4448-AB5D-12BBF1CB9A65"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3B62A37-8C25-45F8-BB2F-8E7408482113"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A88F29C4-1569-4DE2-99D6-B432CCBFBC56"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82B5B15E-C98D-43B6-BB34-D8FF2A2AC734"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03951392-1524-468D-9E1F-0EC0A766EA8F"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B17D19A-383D-482B-B2B4-4377028234EB"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16A82A50-EA8C-44AE-A290-CC44FF4F4E2D"
          },
          {
            "criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3FA791E9-0DE0-47F1-BF6F-1A58AD76C4DA"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
References

Sources include official advisories and independent security research.
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References
