Measuresoft ScadaPro < service.exe Multiple Vulnerabilities (credentialed check)

Critical Nessus Plugin ID 59558


The remote Windows host has an application installed with multiple vulnerabilities.


The remote Windows host has a version of Measuresoft ScadaPro prior to version As such, it reportedly has multiple vulnerabilities in service.exe that can be remotely exploited. This includes multiple stack-based buffer overflows and several poorly implemented commands that can be executed without authentication remotely that allow complete access to files and the ability to execute arbitrary commands.


Upgrade to ScadaPro or later.

See Also

Plugin Details

Severity: Critical

ID: 59558

File Name: scada_measuresoft_scadapro_multiple_server_local.nbin

Version: $Revision: 1.89 $

Type: local

Family: SCADA

Published: 2012/06/18

Modified: 2018/02/14

Dependencies: 13855, 59556

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:measuresoft:scadapro

Required KB Items: SCADA/Apps/Measuresoft/ScadaPro/Installed, SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/09/15

Vulnerability Publication Date: 2011/09/13

Exploitable With

CANVAS (White_Phosphorus)

Core Impact

Metasploit (Measuresoft ScadaPro Remote Command Execution)

Reference Information

CVE: CVE-2011-3490, CVE-2011-3495, CVE-2011-3497

BID: 49613

OSVDB: 75486, 75487, 75488, 75489

EDB-ID: 17848