Movicon < 11.2 Build 1084 Multiple Vulnerabilities

High Nessus Plugin ID 52993


The remote Windows host has a SCADA application that is affected by multiple flaws.


The installed version of Movicon is older than 11.2 Build 1084, and hence it is affected by multiple flaws. By sending a specially crafted packet to the TcpUploadServer service (included with Movicon) listening on port 10651, it might be possible for an unauthenticated attacker to crash the service, retrieve sensitive information, or execute arbitrary code on the remote system.


Upgrade to Movicon 11.2 Build 1084 or later.

See Also

Plugin Details

Severity: High

ID: 52993

File Name: scada_movicon_11_2.nbin

Version: $Revision: 1.21 $

Type: local

Family: SCADA

Published: 2011/03/25

Modified: 2018/01/29

Dependencies: 52992, 52994

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Required KB Items: SCADA/Apps/Movicon/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/03/15

Vulnerability Publication Date: 2011/03/15

Reference Information

CVE: CVE-2011-2963

BID: 46907

OSVDB: 72888

EDB-ID: 17034

ICS-ALERT: 11-056-01, 11-056-01A