CVE-2011-3497

critical

Description

service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method.

References

http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf

http://securityreason.com/securityalert/8382

Details

Source: Mitre, NVD

Published: 2011-09-16

Updated: 2012-02-14

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H