Measuresoft ScadaPro Path Subversion Arbitrary DLL Injection Code Execution

High Nessus Plugin ID 59559


The remote Windows host has an application installed that has an arbitrary code execution vulnerability.


The remote Windows host has a version of Measuresoft ScadaPro prior to version As such, it reportedly has a DLL loading vulnerability that can be exploited by placing a Trojan DLL into a folder on the victim host where it could be loaded before a valid DLL.


Upgrade to ScadaPro or later.

Plugin Details

Severity: High

ID: 59559

File Name: scada_measuresoft_scadapro_dll_loading_rce.nbin

Version: $Revision: 1.23 $

Type: local

Family: SCADA

Published: 2012/06/18

Modified: 2018/01/29

Dependencies: 59556

Risk Information

Risk Factor: High


Base Score: 7.2

Temporal Score: 6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:measuresoft:scadapro

Required KB Items: SCADA/Apps/Measuresoft/ScadaPro/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/04/07

Vulnerability Publication Date: 2012/05/24

Reference Information

CVE: CVE-2012-1824

BID: 53681

OSVDB: 82233

ICSA: 12-145-01