132 matches found
Design/Logic Flaw
Measuresoft ScadaPro Server Versions prior to 6.8.0.1 uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file...
CVE-2022-2894
CVE-2022-2894 – Measuresoft ScadaPro Server is associated with unmaintained ActiveX controls that may permit seven untrusted pointer dereference instances when processing a specific project file. The affected product is Measuresoft ScadaPro Server (and Client per related advisories) across all ve...
CVE-2022-2896 Measuresoft ScadaPro Server Use After Free
Measuresoft ScadaPro Server All Versions allows use after free while processing a specific project file...
CVE-2022-2897 Measuresoft ScadaPro Server and Client Link Following
Measuresoft ScadaPro Server and Client All Versions do not properly resolve links before file access; this could allow privilege escalation...
CVE-2022-2896 Measuresoft ScadaPro Server Use After Free
Measuresoft ScadaPro Server All Versions allows use after free while processing a specific project file...
CVE-2022-2898 Measuresoft ScadaPro Server and Client Link Following
Measuresoft ScadaPro Server and Client All Versions do not properly resolve links before file access; this could allow a denial-of-service condition...
CVE-2022-2898 Measuresoft ScadaPro Server and Client Link Following
Measuresoft ScadaPro Server and Client All Versions do not properly resolve links before file access; this could allow a denial-of-service condition...
CVE-2022-2894 Measuresoft ScadaPro Server Untrusted Pointer Dereference
Measuresoft ScadaPro Server All Versions uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer deference instances while processing a specific project file...
CVE-2022-2897
CVE-2022-2897 affects Measuresoft ScadaPro Server and Client (all versions). The issue is improper link resolution before file access (link following) that can lead to local privilege escalation. Public sources describe a local attack requiring initial code execution by a low-privileged user, wit...
CVE-2022-2898
CVE-2022-2898 affects Measuresoft ScadaPro Server and Client (All Versions). The issue is improper link resolution before file access (Link Following), leading to a Denial-of-Service condition. Exploitation in public advisories indicates a local attacker with low privileges may abuse the ScadaPro...
CVE-2022-2897 Measuresoft ScadaPro Server and Client Link Following
Measuresoft ScadaPro Server and Client All Versions do not properly resolve links before file access; this could allow privilege escalation...
CVE-2022-2896
Measuresoft ScadaPro Server (All Versions) is affected by CVE-2022-2896 due to a use-after-free in processing a specific project file (ORM-related parsing). The vulnerability can lead to arbitrary code execution, as described by multiple sources (ZDI: remote code execution requiring user interact...
CVE-2022-2892 Measuresoft ScadaPro Server Out-of-bounds Write
Measuresoft ScadaPro Server Versions prior to 6.8.0.1 uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file...
CVE-2022-2892
CVE-2022-2892 affects Measuresoft ScadaPro Server prior to 6.8.0.1. The flaw arises from an unmaintained ActiveX control used during processing of a specific project file, enabling an out-of-bounds write. The CVSS v3.1 base score is 7.8 (HIGH) with LOCAL attack vector, low attack complexity, no p...
CVE-2022-2892 Measuresoft ScadaPro Server Out-of-bounds Write
Measuresoft ScadaPro Server Versions prior to 6.8.0.1 uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file...
CVE-2022-2895 Measuresoft ScadaPro Server Stack-based Buffer Overflow
Measuresoft ScadaPro Server All Versions uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file...
CVE-2022-2895 Measuresoft ScadaPro Server Stack-based Buffer Overflow
Measuresoft ScadaPro Server All Versions uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file...
CVE-2022-2895
CVE-2022-2895 affects Measuresoft ScadaPro Server (All Versions). The vulnerability stems from unmaintained ActiveX controls used by ScadaPro Server, enabling two stack-based buffer overflow instances while processing a specific project file. ZDI advisories describe remote code execution with use...
The vulnerability of the ActiveX control on the SCADA server of Measuresoft ScadaPro Server allows a intruder to execute arbitrary code.
The vulnerability of the ActiveX control in the SCADA server of Measuresoft ScadaPro Server relates to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code in the target system using a specially crafted file...
Measuresoft ScadaPro Server ORM File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Measuresoft ScadaPro Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...