Movicon TcpUploadServer Data Leakage (remote check)

Medium Nessus Plugin ID 52995


The remote SCADA service leaks sensitive information.


The installed version of the Movicon TcpUploadServer service listening on the remote host is affected by an information disclosure vulnerability. By sending a specially crafted request, an unauthenticated remote attacker can enumerate the drives available on the remote system.

Although Nessus has not checked for them, the installed version is also likely to be affected by several other vulnerabilities, including denial of service, arbitrary file deletion, and arbitrary code execution.


Upgrade to Movicon 11.2 Build 1084 or later.

Plugin Details

Severity: Medium

ID: 52995

File Name: scada_movicon_tcpuploadserver_data_leakage.nbin

Version: $Revision: 1.21 $

Type: remote

Family: SCADA

Published: 2011/03/25

Modified: 2018/01/29

Dependencies: 52994

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/03/15

Vulnerability Publication Date: 2011/03/15

Reference Information

BID: 46907

OSVDB: 78614

EDB-ID: 17034