Measuresoft ScadaPro Remote Command Execution
Rocco Calvi
- Affected Vendor: Measuresoft
- Affected Product: ScadaPro
- Exploit Type: Metasploit Module
- Metasploit Module: exploit/windows/scada/scadapro_cmdexe
Description
Remote attackers can execute arbitrary commands on Measuresoft ScadaPro 4.0.0 and earlier by exploiting a directory traversal in the ‘xf’ (execute function) command. The vulnerability allows attackers to invoke system() from msvcrt.dll, which can be used to deploy backdoors and achieve remote code execution.