SB2022082402 - Multiple vulnerabilities in Measuresoft ScadaPro Server and Client
Published: August 24, 2022 Updated: August 24, 2022
Description
This security bulletin contains information about 5 security vulnerabilities.
1) Untrusted Pointer Dereference (CVE-ID: CVE-2022-2894)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an untrusted pointer dereference error in ActiveX controls. A remote attacker can use a specially crafted project file and execute arbitrary code on the target system.
2) Stack-based buffer overflow (CVE-ID: CVE-2022-2895)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in ActiveX controls when processing a specific project file. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
3) Use-after-free (CVE-ID: CVE-2022-2896)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error while processing a specific project ORM file. A remote attacker can execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
4) Link following (CVE-ID: CVE-2022-2897)
The vulnerability allows a local user to escalate privileges.
The vulnerability exists because the affected application does not properly resolve links before file access. A local user can escalate privileges on the target system.
5) Link following (CVE-ID: CVE-2022-2898)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists because the affected application does not properly resolve links before file access. A local user can cause a denial of service condition on the target system.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://ics-cert.us-cert.gov/advisories/icsa-22-235-06
- https://www.zerodayinitiative.com/advisories/ZDI-22-1140/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1139/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1138/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1137/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1136/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1135/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1134/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1142/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1141/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1143/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1149/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1148/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1147/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1146/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1145/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1144/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1132/
- https://www.zerodayinitiative.com/advisories/ZDI-22-1131/