Lucene search
K

132 matches found

prion
prion
added 2022/08/31 9:15 p.m.15 views

Design/Logic Flaw

Measuresoft ScadaPro Server Versions prior to 6.8.0.1 uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file...

4.4CVSS7.5AI score0.00294EPSS
Exploits0References1Affected Software1
cve
cve
added 2022/08/31 8:54 p.m.63 views

CVE-2022-2894

CVE-2022-2894 – Measuresoft ScadaPro Server is associated with unmaintained ActiveX controls that may permit seven untrusted pointer dereference instances when processing a specific project file. The affected product is Measuresoft ScadaPro Server (and Client per related advisories) across all ve...

7.8CVSS7.5AI score0.00288EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2022/08/31 8:54 p.m.11 views

CVE-2022-2896 Measuresoft ScadaPro Server Use After Free

Measuresoft ScadaPro Server All Versions allows use after free while processing a specific project file...

7.8CVSS7.7AI score0.0031EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2022/08/31 8:54 p.m.8 views

CVE-2022-2897 Measuresoft ScadaPro Server and Client Link Following

Measuresoft ScadaPro Server and Client All Versions do not properly resolve links before file access; this could allow privilege escalation...

7.8CVSS7.7AI score0.00284EPSS
Exploits0References1
cvelist
cvelist
added 2022/08/31 8:54 p.m.30 views

CVE-2022-2896 Measuresoft ScadaPro Server Use After Free

Measuresoft ScadaPro Server All Versions allows use after free while processing a specific project file...

7.8CVSS7.9AI score0.0031EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2022/08/31 8:54 p.m.9 views

CVE-2022-2898 Measuresoft ScadaPro Server and Client Link Following

Measuresoft ScadaPro Server and Client All Versions do not properly resolve links before file access; this could allow a denial-of-service condition...

6.1CVSS6.3AI score0.0022EPSS
Exploits0References1
cvelist
cvelist
added 2022/08/31 8:54 p.m.27 views

CVE-2022-2898 Measuresoft ScadaPro Server and Client Link Following

Measuresoft ScadaPro Server and Client All Versions do not properly resolve links before file access; this could allow a denial-of-service condition...

6.1CVSS6.5AI score0.0022EPSS
Exploits0References1
cvelist
cvelist
added 2022/08/31 8:54 p.m.31 views

CVE-2022-2894 Measuresoft ScadaPro Server Untrusted Pointer Dereference

Measuresoft ScadaPro Server All Versions uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer deference instances while processing a specific project file...

7.8CVSS7.8AI score0.00288EPSS
Exploits0References1
cve
cve
added 2022/08/31 8:54 p.m.57 views

CVE-2022-2897

CVE-2022-2897 affects Measuresoft ScadaPro Server and Client (all versions). The issue is improper link resolution before file access (link following) that can lead to local privilege escalation. Public sources describe a local attack requiring initial code execution by a low-privileged user, wit...

7.8CVSS7.6AI score0.00284EPSS
Exploits0References1Affected Software2
cve
cve
added 2022/08/31 8:54 p.m.53 views

CVE-2022-2898

CVE-2022-2898 affects Measuresoft ScadaPro Server and Client (All Versions). The issue is improper link resolution before file access (Link Following), leading to a Denial-of-Service condition. Exploitation in public advisories indicates a local attacker with low privileges may abuse the ScadaPro...

6.1CVSS5.7AI score0.0022EPSS
Exploits0References1Affected Software2
cvelist
cvelist
added 2022/08/31 8:54 p.m.32 views

CVE-2022-2897 Measuresoft ScadaPro Server and Client Link Following

Measuresoft ScadaPro Server and Client All Versions do not properly resolve links before file access; this could allow privilege escalation...

7.8CVSS7.9AI score0.00284EPSS
Exploits0References1
cve
cve
added 2022/08/31 8:54 p.m.58 views

CVE-2022-2896

Measuresoft ScadaPro Server (All Versions) is affected by CVE-2022-2896 due to a use-after-free in processing a specific project file (ORM-related parsing). The vulnerability can lead to arbitrary code execution, as described by multiple sources (ZDI: remote code execution requiring user interact...

7.8CVSS7.7AI score0.0031EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2022/08/31 8:54 p.m.31 views

CVE-2022-2892 Measuresoft ScadaPro Server Out-of-bounds Write

Measuresoft ScadaPro Server Versions prior to 6.8.0.1 uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file...

7.8CVSS7.8AI score0.00294EPSS
Exploits0References1
cve
cve
added 2022/08/31 8:54 p.m.56 views

CVE-2022-2892

CVE-2022-2892 affects Measuresoft ScadaPro Server prior to 6.8.0.1. The flaw arises from an unmaintained ActiveX control used during processing of a specific project file, enabling an out-of-bounds write. The CVSS v3.1 base score is 7.8 (HIGH) with LOCAL attack vector, low attack complexity, no p...

7.8CVSS7.6AI score0.00294EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2022/08/31 8:54 p.m.7 views

CVE-2022-2892 Measuresoft ScadaPro Server Out-of-bounds Write

Measuresoft ScadaPro Server Versions prior to 6.8.0.1 uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file...

7.8CVSS7.6AI score0.00294EPSS
Exploits0References1
cvelist
cvelist
added 2022/08/31 8:54 p.m.24 views

CVE-2022-2895 Measuresoft ScadaPro Server Stack-based Buffer Overflow

Measuresoft ScadaPro Server All Versions uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file...

7.8CVSS8AI score0.00294EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2022/08/31 8:54 p.m.8 views

CVE-2022-2895 Measuresoft ScadaPro Server Stack-based Buffer Overflow

Measuresoft ScadaPro Server All Versions uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file...

7.8CVSS7.8AI score0.00294EPSS
Exploits0References1
cve
cve
added 2022/08/31 8:54 p.m.55 views

CVE-2022-2895

CVE-2022-2895 affects Measuresoft ScadaPro Server (All Versions). The vulnerability stems from unmaintained ActiveX controls used by ScadaPro Server, enabling two stack-based buffer overflow instances while processing a specific project file. ZDI advisories describe remote code execution with use...

7.8CVSS7.8AI score0.00294EPSS
Exploits0References1Affected Software1
bdu_fstec
bdu_fstec
added 2022/08/24 12:0 a.m.6 views

The vulnerability of the ActiveX control on the SCADA server of Measuresoft ScadaPro Server allows a intruder to execute arbitrary code.

The vulnerability of the ActiveX control in the SCADA server of Measuresoft ScadaPro Server relates to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code in the target system using a specially crafted file...

7.8CVSS7.8AI score0.00294EPSS
Exploits0References3Affected Software1
zdi
zdi
added 2022/08/23 12:0 a.m.24 views

Measuresoft ScadaPro Server ORM File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Measuresoft ScadaPro Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS3.8AI score0.0031EPSS
Exploits0References1
Rows per page
Query Builder