Progea Movicon < 11.3 Memory Corruption Vulnerability

Nessus Network Monitor Plugin ID 7129 (Severity: High)

Synopsis

A vulnerable version of Progea Movicon has been detected.

Description

The detected version of Progea Movicon contains a memory corruption vulnerability. It can be exploited by sending a specially crafted HTTP POST request to the Movicon OPC server, which causes the application to read out-of-bounds memory, resulting in a denial of service.

Solution

Upgrade to Progea Movicon 11.3 or later.

Plugin Details

Severity: High

ID: 7129

Version: 1.0

Family: SCADA

Published: 2014/07/03

Modified: 2014/07/03

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:progea:movicon

Patch Publication Date: 2012/05/14

Vulnerability Publication Date: 2012/05/14

Reference Information

CVE: CVE-2012-1804

BID: 53484