Progea Movicon < 11.4 Build 1150 Information Disclosure Vulnerability

Medium Nessus Network Monitor Plugin ID 7128

Synopsis

A vulnerable version of Progea Movicon has been detected.

Description

The detected version of Progea Movicon contains an information disclosure vulnerability. This vulnerability is related to the TCPUploader module which could allow a remote and unauthenticated user to obtain OS version information.

Solution

Upgrade to Progea Movicon 11.4 Build 1150 or later.

Plugin Details

Severity: Medium

ID: 7128

Version: 1.0

Family: SCADA

Published: 2014/06/20

Modified: 2014/07/03

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:progea:movicon

Patch Publication Date: 2014/04/19

Vulnerability Publication Date: 2014/04/19

Reference Information

CVE: CVE-2014-0778

BID: 66934