Shodan
Vulnerabilities
Vulnerable Software
Measuresoft:  Security Vulnerabilities
CVE-2024-3746
The entire parent directory - C:\ScadaPro and its sub-directories and files are configured by default to allow user, including unprivileged users, to write or overwrite files.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-04-30
CVE-2022-3263
The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-09-23
CVE-2022-2892
Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-08-31
CVE-2022-2894
Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer deference instances while processing a specific project file.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-08-31
CVE-2022-2895
Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-08-31
CVE-2022-2896
Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-08-31
CVE-2022-2897
Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation..
CVSS Score
7.8
EPSS Score
0.001
Published
2022-08-31
CVE-2022-2898
Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition.
CVSS Score
6.1
EPSS Score
0.0
Published
2022-08-31
CVE-2012-1824
Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
CVSS Score
7.2
EPSS Score
0.001
Published
2012-05-25
CVE-2011-3495
Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command.
CVSS Score
10.0
EPSS Score
0.083
Published
2011-09-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved