Movicon TcpUploadServer Data Leakage (remote check)

This script is Copyright (C) 2011-2012 Tenable Network Security, Inc.


Synopsis :

The remote SCADA service leaks sensitive information.

Description :

The installed version of Movicon TcpUploadServer service listening on
the remote host is affected by an information disclosure
vulnerability. By sending a specially crafted request, an
unauthenticated remote attacker can enumerate drives available on the
remote system.

Although Nessus has not checked for them, the installed version is
also likely to be affected by several other vulnerabilities, including
denial of service, arbitrary file deletion, and arbitrary code
execution.

See also :

http://www.us-cert.gov/control_systems/pdf/ICSA-11-056-01.pdf

Solution :

Upgrade to Movicon 11.2 Build 1084 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 52995 ()

Bugtraq ID: 46907

CVE ID: