CyberSec.Space Logo
Back to CVE Browser

CVE-2011-3490

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1100%
EPSS Percentile43.40th
PublishedSep 16, 2011
Last ModifiedApr 29, 2026

Vulnerability Description

Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command.

Affected Platforms (CPE)

πŸ“¦
Measuresoft

Scadapro

<= 4.0.0
πŸ“¦
Measuresoft

Scadapro

= 2.1
πŸ“¦
Measuresoft

Scadapro

= 2.2
πŸ“¦
Measuresoft

Scadapro

= 2.3
πŸ“¦
Measuresoft

Scadapro

= 2.4
πŸ“¦
Measuresoft

Scadapro

= 2.4.1
πŸ“¦
Measuresoft

Scadapro

= 2.4.2
πŸ“¦
Measuresoft

Scadapro

= 2.4.3
πŸ“¦
Measuresoft

Scadapro

= 2.4.4
πŸ“¦
Measuresoft

Scadapro

= 2.4.5
πŸ“¦
Measuresoft

Scadapro

= 2.4.6
πŸ“¦
Measuresoft

Scadapro

= 2.5
πŸ“¦
Measuresoft

Scadapro

= 2.5.1
πŸ“¦
Measuresoft

Scadapro

= 2.5.2
πŸ“¦
Measuresoft

Scadapro

= 2.5.3
πŸ“¦
Measuresoft

Scadapro

= 2.5.4
πŸ“¦
Measuresoft

Scadapro

= 2.5.5
πŸ“¦
Measuresoft

Scadapro

= 2.6.0
πŸ“¦
Measuresoft

Scadapro

= 2.7.0
πŸ“¦
Measuresoft

Scadapro

= 2.7.1
πŸ“¦
Measuresoft

Scadapro

= 2.7.2
πŸ“¦
Measuresoft

Scadapro

= 2.8.0
πŸ“¦
Measuresoft

Scadapro

= 2.9.0
πŸ“¦
Measuresoft

Scadapro

= 3.1.0
πŸ“¦
Measuresoft

Scadapro

= 3.2.8
πŸ“¦
Measuresoft

Scadapro

= 3.2.9
πŸ“¦
Measuresoft

Scadapro

= 3.3.0
πŸ“¦
Measuresoft

Scadapro

= 3.3.1
πŸ“¦
Measuresoft

Scadapro

= 3.3.2
πŸ“¦
Measuresoft

Scadapro

= 3.9.0
πŸ“¦
Measuresoft

Scadapro

= 3.9.1
πŸ“¦
Measuresoft

Scadapro

= 3.9.2
πŸ“¦
Measuresoft

Scadapro

= 3.9.3
πŸ“¦
Measuresoft

Scadapro

= 3.9.4
πŸ“¦
Measuresoft

Scadapro

= 3.9.5
πŸ“¦
Measuresoft

Scadapro

= 3.9.6
πŸ“¦
Measuresoft

Scadapro

= 3.9.7
πŸ“¦
Measuresoft

Scadapro

= 3.9.8
πŸ“¦
Measuresoft

Scadapro

= 3.9.9
πŸ“¦
Measuresoft

Scadapro

= 3.9.10
πŸ“¦
Measuresoft

Scadapro

= 3.9.11
πŸ“¦
Measuresoft

Scadapro

= 3.9.12
πŸ“¦
Measuresoft

Scadapro

= 3.9.13
πŸ“¦
Measuresoft

Scadapro

= 3.9.14
πŸ“¦
Measuresoft

Scadapro

= 3.9.15

References & Advisories

πŸ”— http://aluigi.altervista.org/adv/scadapro_1-adv.txt
πŸ”— http://securityreason.com/securityalert/8382
πŸ”— http://www.exploit-db.com/exploits/17848
πŸ”— http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf
πŸ”— http://aluigi.altervista.org/adv/scadapro_1-adv.txt
πŸ”— http://securityreason.com/securityalert/8382
πŸ”— http://www.exploit-db.com/exploits/17848
πŸ”— http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf

Related Vulnerabilities

CVE-2011-349510.0

Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to re...

CVE-2011-349610.0

service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacte...

CVE-2011-349710.0

service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF functi...

CVE-2012-18247.2

Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local user...