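This page aggregates CVE and security vulnerability intelligence for all Measuresoft-related products, including CVSS, EPSS, publication date and vulnerability intelligence data.
Common weakness patterns include path-handling flaws, buffer overflows, memory corruption and input validation issues, which in production workload and software deployment scenarios may lead to risks such as memory corruption, file overwrite and abnormal behavior.
The vulnerability data comes mainly from public vulnerability disclosures and security advisories and can be used to assess historical vulnerability exposure and patch priority.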
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-3746 | The entire parent directory - C:\ScadaPro and its sub-directories and files are configured by default to allow users, including unprivileged users, to write or overwrite files. | [email protected] | 6.8 | 0.06% | 2024-04-30 | 2025-06-18 |
| CVE-2022-3263 | The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges. | [email protected] | 7.8 | 0.03% | 2022-09-23 | 2024-11-21 |
| CVE-2022-2898 | Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition. | [email protected] | 6.1 | 0.09% | 2022-08-31 | 2024-11-21 |
| CVE-2022-2897 | Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation. | [email protected] | 7.8 | 0.06% | 2022-08-31 | 2024-11-21 |
| CVE-2022-2896 | Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file. | [email protected] | 7.8 | 0.11% | 2022-08-31 | 2024-11-21 |
| CVE-2022-2895 | Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file. | [email protected] | 7.8 | 0.14% | 2022-08-31 | 2024-11-21 |
| CVE-2022-2894 | Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer dereference instances while processing a specific project file. | [email protected] | 7.8 | 0.11% | 2022-08-31 | 2024-11-21 |
| CVE-2022-2892 | Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file. | [email protected] | 7.8 | 0.11% | 2022-08-31 | 2024-11-21 |
| CVE-2012-1824 | Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | [email protected] | 7.2 | 0.08% | 2012-05-25 | 2026-04-29 |
| CVE-2011-3497 | service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method. | [email protected] | 10.0 | 71.26% | 2011-09-16 | 2026-04-29 |
| CVE-2011-3496 | service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command. | [email protected] | 10.0 | 12.87% | 2011-09-16 | 2026-04-29 |
| CVE-2011-3495 | Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command. | [email protected] | 10.0 | 5.60% | 2011-09-16 | 2026-04-29 |
| CVE-2011-3490 | Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command. | [email protected] | 10.0 | 40.57% | 2011-09-16 | 2026-04-29 |