Lucene search

[email protected]CVE-2012-1824

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-1824

2022-10-0316:15:25

[email protected]

web.nvd.nist.gov

cve-2012-1824

untrusted search path vulnerability

measuresoft scadapro client

scadapro server

privilege escalation

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

Affected configurations

NVD

Node

measuresoftscadapro_clientRange≤3.3.1

measuresoftscadapro_serverRange≤3.3.1

CPENameOperatorVersion
measuresoft:scadapro_clientmeasuresoft scadapro clientle3.3.1
measuresoft:scadapro_servermeasuresoft scadapro serverle3.3.1

CPE	Name	Operator	Version
measuresoft:scadapro_client	measuresoft scadapro client	le	3.3.1
measuresoft:scadapro_server	measuresoft scadapro server	le	3.3.1

References

www.measuresoft.net/downloads/Measuresoft%20SCADA%204.4.6/issue_disks/Client/DOCUMENTATION/ReleaseNotes.doc

www.measuresoft.net/downloads/Measuresoft%20SCADA%204.4.6/issue_disks/Server/DOCUMENTATION/ReleaseNotes.doc

www.us-cert.gov/control_systems/pdf/ICSA-12-145-01.pdf

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2012-1824

prion1 openvas1 ics1 cvelist1 nvd1