Measuresoft ScadaPro < 220.127.116.11 service.exe RF Command Arbitrary File Disclosure
High Nessus Plugin ID 59557
SynopsisThe remote Windows host has an application that is affected by an information disclosure vulnerability.
DescriptionThe remote install of Measuresoft ScadaPro allows an unauthenticated, remote attacker to read arbitrary files via a specially crafted RF command.
This service may also be affected by multiple stack-based buffer overflows and reportedly has commands that allow unauthenticated attackers to run arbitrary commands and modify or delete arbitrary files on the remote host.
SolutionUpgrade to ScadaPro 18.104.22.168 or later.