Movicon TcpUploadServer Data Leakage (remote check)

This script is Copyright (C) 2011-2017 Tenable Network Security, Inc.

Synopsis :

The remote SCADA service leaks sensitive information.

Description :

The installed version of Movicon TcpUploadServer service listening on
the remote host is affected by an information disclosure
vulnerability. By sending a specially crafted request, an
unauthenticated remote attacker can enumerate drives available on the
remote system.

Although Nessus has not checked for them, the installed version is
also likely to be affected by several other vulnerabilities, including
denial of service, arbitrary file deletion, and arbitrary code

See also :

Solution :

Upgrade to Movicon 11.2 Build 1084 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 52995 ()

Bugtraq ID: 46907


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now