CVE-2011-3496 Information

Description

service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF (2) OF or (3) EF command.

Reference

http://aluigi.altervista.org/adv/scadapro_1-adv.txt http://securityreason.com/securityalert/8382 http://www.exploit-db.com/exploits/17848 http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-04.pdf