Progea Movicon < 11.2 Build 1086 Multiple Vulnerabilities

Critical Nessus Network Monitor Plugin ID 7142


A vulnerable version of Progea Movicon has been detected.


The detected version of Progea Movicon is affected by multiple vulnerabilities:

- There is a remote heap-based buffer overflow vulnerability related to erroneous parsing of the Content-Length HTTP request header. (CVE-2011-3491)

- A remote heap-based buffer overflow vulnerability exists related to HTTP requests. (CVE-2011-3498)

- A remote denial of service vulnerability exists related to an EIDP packet with an overly large size field. A specially crafted EIDP packet causes the application to crash, and arbitrary code execution may be possible. (CVE-2011-3499)


Upgrade to Progea Movicon 11.2 Build 1086 or later.

Plugin Details

Severity: Critical

ID: 7142

File Name: 7142.pasl

Version: 1.0

Family: SCADA

Published: 2014/09/10

Modified: 2014/09/10

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:progea:movicon

Patch Publication Date: 2011/09/16

Vulnerability Publication Date: 2011/09/16

Reference Information

CVE: CVE-2011-3491, CVE-2011-3498, CVE-2011-3499

BID: 49605

OSVDB: 75492, 75493, 75494