Detections
Analytics

Progea Movicon < 11.2 Build 1086 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 7142

Synopsis

A vulnerable version of Progea Movicon has been detected.

Description

The detected version of Progea Movicon is affected by multiple vulnerabilities:

- There is a remote heap-based buffer overflow vulnerability related to erroneous parsing of the Content-Length HTTP request header. (CVE-2011-3491)

- A remote heap-based buffer overflow vulnerability exists related to HTTP requests. (CVE-2011-3498)

- A remote denial of service vulnerability exists related to an EIDP packet with too large of a size field. The specially crafted EIDP packet will cause the application to crash, and there is the possibility of arbitrary code execution. (CVE-2011-3499)

Solution

Upgrade to Progea Movicon 11.2 Build 1086 or later.

See Also

http://aluigi.altervista.org/adv/movicon_1-adv.txt

http://aluigi.altervista.org/adv/movicon_2-adv.txt

http://aluigi.altervista.org/adv/movicon_3-adv.txt

Plugin Details

Severity: Critical

ID: 7142

Version: 1.0

Family: SCADA

Published: 9/10/2014

Updated: 8/16/2018

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:progea:movicon

Patch Publication Date: 9/16/2011

Vulnerability Publication Date: 9/16/2011

Reference Information

CVE: CVE-2011-3491, CVE-2011-3498, CVE-2011-3499

BID: 49605