Lucene search
IcscertCVE-2022-2895HistoryAug 31, 2022 - 9:15 p.m.
CVE-2022-2895
2022-08-3121:15:08
CWE-121
icscert
web.nvd.nist.gov
26
5
cve-2022-2895
measuresoft
scadapro server
activex controls
buffer overflow
nvd
security vulnerability
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
48.3%
Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file.
Affected configurations
Node
measuresoftscadapro_server
| Vendor | Product | Version | CPE |
|---|---|---|---|
| measuresoft | scadapro_server | * | cpe:2.3:a:measuresoft:scadapro_server:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "ScadaPro Server",
"vendor": "Measuresoft",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
]Social References
More
Related
zdi
zdi
prion
prion
Stack overflow
2022-08-31 21:15:00
nvd
nvd
CVE-2022-2895
2022-08-31 21:15:08
cvelist
cvelist
CVE-2022-2895 Measuresoft ScadaPro Server Stack-based Buffer Overflow
2022-08-31 20:54:54
ics
ics
Measuresoft ScadaPro Server and Client
2022-08-23 12:00:00
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
48.3%
Related for CVE-2022-2895