Measuresoft ScadaPro < service.exe RF Command Arbitrary File Disclosure

High Nessus Plugin ID 59557


The remote Windows host has an application that is affected by an information disclosure vulnerability.


The remote install of Measuresoft ScadaPro allows an unauthenticated, remote attacker to read arbitrary files via a specially crafted RF command.

This service may also be affected by multiple stack-based buffer overflows and reportedly has commands that allow unauthenticated attackers to run arbitrary commands and modify or delete arbitrary files on the remote host.


Upgrade to ScadaPro or later.

Plugin Details

Severity: High

ID: 59557

File Name: scada_measuresoft_scadapro_directory_traversal.nbin

Version: $Revision: 1.24 $

Type: remote

Family: SCADA

Published: 2012/06/18

Modified: 2018/01/29

Dependencies: 11153

Risk Information

Risk Factor: High


Base Score: 9.4

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:measuresoft:scadapro

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/09/15

Vulnerability Publication Date: 2011/09/13

Exploitable With

Metasploit (Measuresoft ScadaPro Remote Command Execution)

Reference Information

CVE: CVE-2011-3495

BID: 49613

OSVDB: 75487

EDB-ID: 17848