Lucene search

CertccCVE-2012-1824

HistoryMay 25, 2012 - 7:55 p.m.

CVE-2012-1824

2012-05-2519:55:01

certcc

web.nvd.nist.gov

cve-2012-1824

untrusted search path vulnerability

measuresoft scadapro client

scadapro server

privilege escalation

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

Low

EPSS

Percentile

0.4%

JSON

Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

Affected configurations

Nvd

Node

measuresoftscadapro_clientRange≤3.3.1

measuresoftscadapro_serverRange≤3.3.1

VendorProductVersionCPE
measuresoftscadapro_client*cpe:2.3:a:measuresoft:scadapro_client:*:*:*:*:*:*:*:*
measuresoftscadapro_server*cpe:2.3:a:measuresoft:scadapro_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
measuresoft	scadapro_client	*	cpe:2.3:a:measuresoft:scadapro_client::::::::
measuresoft	scadapro_server	*	cpe:2.3:a:measuresoft:scadapro_server::::::::

References

www.measuresoft.net/downloads/Measuresoft%20SCADA%204.4.6/issue_disks/Client/DOCUMENTATION/ReleaseNotes.doc

www.measuresoft.net/downloads/Measuresoft%20SCADA%204.4.6/issue_disks/Server/DOCUMENTATION/ReleaseNotes.doc

www.us-cert.gov/control_systems/pdf/ICSA-12-145-01.pdf

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2012-1824