CVE-2022-2896

Published: Aug 31, 2022Modified: Jun 17, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file.

Affected (1)

Products: Measuresoft: Scadapro Server

1 product

Scadapro Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Measuresoft Scadapro Server	All versions

Related CWEs

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (2)

https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.