{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-09-13T00:00:00", "descriptions": [{"lang": "en", "value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-02-14T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "8382", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8382"}, {"name": "17848", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/17848"}, {"tags": ["x_refsource_MISC"], "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"}, {"tags": ["x_refsource_MISC"], "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-3496", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "8382", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8382"}, {"name": "17848", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/17848"}, {"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"}, {"name": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt", "refsource": "MISC", "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:37:47.830Z"}, "title": "CVE Program Container", "references": [{"name": "8382", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/8382"}, {"name": "17848", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/17848"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-3496", "datePublished": "2011-09-16T17:00:00", "dateReserved": "2011-09-16T00:00:00", "dateUpdated": "2024-08-06T23:37:47.830Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:measuresoft:scadapro:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBFF5B3D-DABA-4E92-AC69-9998F288AA2B", "versionEndIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "74F85C2D-3377-4B8C-AF4B-FD01B0083794", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C3D0C2F7-8054-4EA7-A693-137A17659C79", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "86A0AD83-C41A-40F2-95BA-F3CEB36FF94D", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "597AFF74-46ED-4D6F-8BCE-504C74FBBEF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1F33262-DE1E-4B8F-AFB9-F7BC299EAFF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "7EEDC896-7F2A-40E7-ACCE-9C980F94E6FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "DD97BE73-E811-4781-BFCE-5E9152E3BB36", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "7778862C-7D8C-4526-BDA4-C250F9D429BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "F86E1457-0402-4D0E-8987-2EE76D7433CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:2.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "DA5165C7-A10F-4031-8BE3-AF498670C2CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "E1994D66-D899-43B2-BA68-227D00B393DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC28F1F0-DB4D-4F18-8C35-2A02CE0EC62F", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "651948B3-3E2A-40E3-9DAB-632D1B2F6B04", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "8B94500F-3900-4B2B-B5D8-6717F53D8E1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "93F4124D-9FD8-4AE0-8CA7-3C6221793EDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6E993F5-FA92-40E1-80F3-55D5C9997764", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "385F7BD9-3673-468A-B763-589DA146FCBF", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "ABFE8459-F14D-47F0-837F-43DF6C135A3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "02306481-E4AF-426E-9CD1-8AF9AEFCF83B", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "0616A546-65FD-4031-867F-A563A713EC41", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "862D8D68-F1E8-4296-B4A9-69BE4DCFD30E", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "74ADC027-F5E4-4333-9F8D-D78995ED29A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "78E84AEE-31D9-4C24-B43A-842F3797214A", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:3.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "9481EED9-65E7-4526-BA63-157754F573EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:3.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "A24F0D39-69D7-4551-8224-409EE89A9D24", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F04369CC-50E5-4ADC-BA6E-9A6691DF4FA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "3219CBC3-5FB0-4F7C-B85E-81E08681B6EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "93369CE3-F5B5-4646-90B3-8CD153B0F4D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "F7CF4079-FFB3-4014-8782-E6606AAB659F", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "763F55F8-4249-4872-856B-CF5A975345B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "3405AE26-4017-4B6F-9B55-A295CE748617", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "825EAF60-1956-41C9-986E-381B2835040D", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "3932E319-BCFA-4D52-97CA-02994762169C", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "58B02AA7-2DB9-41D3-BE91-CC8763875512", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "CDA1B435-B62C-4033-A5A2-1E602E1505C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "3503871F-01AC-43F8-A062-E7989504B9F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "49B77571-7906-4448-AB5D-12BBF1CB9A65", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "C3B62A37-8C25-45F8-BB2F-8E7408482113", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "A88F29C4-1569-4DE2-99D6-B432CCBFBC56", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.11:*:*:*:*:*:*:*", "matchCriteriaId": "82B5B15E-C98D-43B6-BB34-D8FF2A2AC734", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.12:*:*:*:*:*:*:*", "matchCriteriaId": "03951392-1524-468D-9E1F-0EC0A766EA8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "6B17D19A-383D-482B-B2B4-4377028234EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.14:*:*:*:*:*:*:*", "matchCriteriaId": "16A82A50-EA8C-44AE-A290-CC44FF4F4E2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:measuresoft:scadapro:3.9.15:*:*:*:*:*:*:*", "matchCriteriaId": "3FA791E9-0DE0-47F1-BF6F-1A58AD76C4DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command."}, {"lang": "es", "value": "service.exe de Measuresoft ScadaPro 4.0.0 y versiones anteriores permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en un comando (1) BF, (2) OF, o (3) EF command."}], "id": "CVE-2011-3496", "lastModified": "2024-11-21T01:30:35.990", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-09-16T17:26:14.747", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/8382"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/17848"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://aluigi.altervista.org/adv/scadapro_1-adv.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8382"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/17848"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}