CVE-2024-3746
published 2024-04-30
CVE-2024-3746: The entire parent directory - C:\ScadaPro and its sub-directories and files are configured by default to allow user, including unprivileged users, to write or…
Priority P4 · 25 · medium · 5.5 CVSS 3.1
AV:L AC:L PR:L UI:N S:U C:N I:H A:N
EPSS: 0.18% (8.0th percentile)
The entire parent directory - C:\ScadaPro and its sub-directories and
files are configured by default to allow users, including unprivileged
users, to write or overwrite files.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| measuresoft | scadapro | — | — |
| measuresoft | scadapro_server | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
| nvd | v4.0 | 6.8 | MEDIUM | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CISA ICS
Measuresoft ScadaPro
cisa_ics·2024-04-16·CVSS 6.8
[MEDIUM] Measuresoft ScadaPro
ICS Advisory
## Measuresoft ScadaPro
Release Date: April 16, 2024
Alert Code: ICSA-24-107-01
## 1. EXECUTIVE SUMMARY
- CVSS v4 6.8
- ATTENTION: Low attack complexity
- Vendor: Measuresoft
- Equipment: ScadaPro
- Vulnerability: Improper Access Control
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to escalate their privileges from unprivileged to SYSTEM privileges.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of ScadaPro, a supervisory control and data acquisition (SCADA) system, are affected:
- ScadaPro: version 6.9.0.0
## 3.2 Vulnerability Overview
## 3.2.1 IMPROPER ACCESS CONTROL CWE-284
The entire parent directory - C:\ScadaPro and its sub-directories and files are conf
GHSA
GHSA-hfcj-g47m-8fvx: The entire parent directory - C:\ScadaPro and its sub-directories and
files are configured by default to allow user, including unprivileged
users, to
ghsa_unreviewed·2024-04-30
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-04-30