CVE-2011-3495

critical

Description

Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command.

References

http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf

http://securityreason.com/securityalert/8382

Details

Source: Mitre, NVD

Published: 2011-09-16

Updated: 2012-02-14

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N