Measuresoft has released an upgrade that fixes a remotely exploitable uncontrolled search path element vulnerability, also known as a DLL hijack, in its ScadaPro application.
ScadaPro Server and ScadaPro Client versions prior to 4.0.0 are both affected by the issue, which was discovered by independent researcher Carlos Mario Penagos Hollmann, who also verified that the upgrade resolves the vulnerability, according to a release on ICS-CERT.
An attacker who exploits the hole could achieve arbitrary code execution.
ScadaPro is a supervisory control and data acquisition (SCADA) system used in the power generation, oil and gas, pharmaceuticals, and manufacturing sectors. ScadaPro is used in multiple countries and offered through various third-party distributors, making total deployment difficult to quantify.
Louth, Ireland-based Measuresoft Development Ltd. also has an office in Missouri City, TX.
ScadaPro uses a fixed or controlled search path to find resources, and an unauthorized user could easily locate and exploit one or more locations in that path. An unauthorized user could place a malicious DLL in a directory where it would load before the valid DLL. An attacker must have access to the host file system to exploit this vulnerability.
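A defender-side check for the condition described above, as an added example that is not from Measuresoft or ICS-CERT: it walks a DLL search order and flags every entry ahead of the valid DLL's directory that already holds a same-named file, is writable by the current user, or does not exist. The directory names and `example.dll` are constructed for the demonstration; ScadaPro's actual search path and DLL names are not given here.

```python
import os
import tempfile

def audit_search_path(search_dirs, dll_name, trusted_dir):
    """Report directories searched before trusted_dir that could supply dll_name.

    Returns (directory, issue) tuples; issue is "shadow" (a same-named file
    already sits there and would load first), "writable" (the current user
    could create one) or "missing" (the entry does not exist yet).
    """
    findings = []
    wanted = dll_name.lower()              # Windows file names are case-insensitive
    trusted = os.path.realpath(trusted_dir)
    for directory in search_dirs:
        real = os.path.realpath(directory)
        if real == trusted:
            break                          # valid copy resolves here; later entries never matter
        if not os.path.isdir(real):
            findings.append((directory, "missing"))
            continue
        if wanted in (name.lower() for name in os.listdir(real)):
            findings.append((directory, "shadow"))
        if os.access(real, os.W_OK):
            findings.append((directory, "writable"))
    return findings

def demo():
    """Constructed layout: four search-path entries, valid DLL in the last."""
    with tempfile.TemporaryDirectory() as root:
        app, cwd, vendor = (os.path.join(root, n) for n in ("app", "cwd", "vendor"))
        for d in (app, cwd, vendor):
            os.mkdir(d)
        open(os.path.join(vendor, "example.dll"), "wb").close()   # valid copy
        open(os.path.join(cwd, "Example.DLL"), "wb").close()      # earlier same-named file
        gone = os.path.join(root, "removed")                      # stale path entry
        order = [app, cwd, gone, vendor]                          # hypothetical load order
        found = audit_search_path(order, "example.dll", vendor)
        return [(os.path.basename(d), issue) for d, issue in found]

if __name__ == "__main__":
    for entry, issue in demo():
        print(f"{entry}: {issue}")
```

On a real host, pass the process's effective search order and run the check as the least-privileged account that can log on, since writability is evaluated for the current user.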
CVE-2012-1824 is the number assigned to this vulnerability, which has a CVSS v2 base score of 6.
Here is the ScadaPro Server upgrade.
Here is the ScadaPro Client upgrade.