Progea Movicon < 11.3 Memory Corruption Vulnerability

Nessus Network Monitor Plugin ID 7129 (severity: High)

Synopsis

A vulnerable version of Progea Movicon has been detected.

Description

The detected version of Progea Movicon contains a memory corruption vulnerability that can be exploited by sending a specially crafted HTTP POST request to the Movicon OPC server. The crafted request causes the application to read out-of-bounds memory, resulting in a denial of service.

Solution

Upgrade to Progea Movicon 11.3 or later.

Plugin Details

Severity: High

ID: 7129

Version: 1.0

Family: SCADA

Published: 7/3/2014

Updated: 8/16/2018

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/a:progea:movicon

Patch Publication Date: 5/14/2012

Vulnerability Publication Date: 5/14/2012

Reference Information

CVE: CVE-2012-1804

BID: 53484