Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2963

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2011-2963
Last Modified 01 Aug 2011 12:00:00
Published 29 Jul 2011 03:55:04
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-2963

Summary

TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service (crash) via a crafted packet to TCP port 10651.

Vulnerable Systems

Application

  • Progea Movicon 11.2


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-11-056-01A.pdf

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-11-056-01.pdf

BID - 46907

OSVDB - 72888

EXPLOIT-DB - 17034


Last Updated: 27 May 2016 10:57:14