
Severity
High
Analysis Summary
CVE-2022-2892 CVSS:7.8
The affected product uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file.
CVE-2022-2894 CVSS:7.8
ScadaPro Server uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer dereference instances while processing a specific project file.
CVE-2022-2895 CVSS:7.8
ScadaPro Server uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file.
CVE-2022-2896 CVSS:7.8
ScadaPro Server allows use after free while processing a specific project file.
CVE-2022-2897 CVSS:7.8
ScadaPro Server and ScadaPro Server Client do not properly resolve links before file access; this could allow privilege escalation.
CVE-2022-2898 CVSS:6.1
ScadaPro Server and ScadaPro Server Client do not properly resolve links before file access; this could allow a denial-of-service condition.
Impact
- Code Execution
- Denial of Service
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2022-2234
Affected Vendors
Measuresoft
Affected Products
- ScadaPro Server: Versions prior to 6.8.0.1
- ScadaPro Server and Client: All Versions
Remediation
Refer to the CISA-CERT advisory for patch, upgrade, or suggested workaround information.
Measuresoft ScadaPro Server
Measuresoft ScadaPro Server and Client