1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: Measuresoft SCADA Command Execution

Attack: Measuresoft SCADA Command Execution

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to a remote command execution vulnerability in Measuresoft SCADA application.

Additional Information

Measuresoft ScadaPro is a SCADA application used for data acquisition.

Measuresoft ScadaPro is prone to the following vulnerabilities:

1. Multiple stack-based buffer-overflow issues occur in the 'service.exe' service, which listens by default on TCP port 11234, when copying an overly long full path string into a fixed-size buffer. These issues occur when handing almost all of the supporting commands (such as 'TF') that are divided in the 'sscanf' and in-line 'strcpy' functions.

2. Multiple directory-traversal vulnerabilities exist because the application fails to properly sanitize user-supplied input submitted through the 'RF' and 'WF' commands. This can allow an attacker to read and write 'UF' and 'NF' commands, which can allow an attacker to delete arbitrary files from the system.

3. Multiple remote command-execution vulnerabilities occur because the application fails to sufficiently sanitize user-supplied input submitted to the parameters through the 'BF', 'OF', 'EF', and 'XF' commands.

Exploiting these issues could allow remote attackers to perform unauthorized actions using directory traversal strings or to execute arbitrary code or commands within the context of the affected application. Failed attempts will likely cause denial-of-service conditions.

Affected

  • Measuresoft ScadaPro 4.0

Response

Vendor has issued an update to resolve this issue. Please visit the vendor's website for further details.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube