Movicon TcpUploadServer Data Leakage (remote check)
Medium Nessus Plugin ID 52995
SynopsisThe remote SCADA service leaks sensitive information.
DescriptionThe installed version of Movicon TcpUploadServer service listening on the remote host is affected by an information disclosure vulnerability. By sending a specially crafted request, an unauthenticated remote attacker can enumerate drives available on the remote system.
Although Nessus has not checked for them, the installed version is also likely to be affected by several other vulnerabilities, including denial of service, arbitrary file deletion, and arbitrary code execution.
SolutionUpgrade to Movicon 11.2 Build 1084 or later.