Skip to main content

Scadapro Server

9 CVEs product

Monthly

CVE-2024-3746 MEDIUM This Month

The entire parent directory - C:\ScadaPro and its sub-directories and files are configured by default to allow user, including unprivileged users, to write or overwrite files. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Scadapro Server
NVD
CVSS 4.0
6.8
EPSS
0.2%
CVE-2022-3263 HIGH This Week

The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Scadapro Server
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-2898 MEDIUM This Month

Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Scadapro Client Scadapro Server
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-2897 HIGH This Week

Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation.. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Scadapro Client Scadapro Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2896 HIGH This Week

Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Scadapro Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2895 HIGH This Week

Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Scadapro Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2894 HIGH This Week

Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Scadapro Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2892 HIGH PATCH This Week

Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Scadapro Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2012-1824 HIGH This Week

Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Scadapro Client Scadapro Server
NVD
CVSS 2.0
7.2
EPSS
0.1%
EPSS 0% CVSS 6.8
MEDIUM This Month

The entire parent directory - C:\ScadaPro and its sub-directories and files are configured by default to allow user, including unprivileged users, to write or overwrite files. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Scadapro Server
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Scadapro Server
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Scadapro Client Scadapro Server
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation.. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Scadapro Client Scadapro Server
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Scadapro Server
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Scadapro Server
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Scadapro Server
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Scadapro Client Scadapro Server
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy