Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3491

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2011-3491
Last Modified 22 Sep 2011 11:34:41
Published 16 Sep 2011 10:28:13
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-3491

Summary

Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative Content-Length field.

Vulnerable Systems

Application

  • Progea Movicon Powerhmi 11

  • Progea Movicon Powerhmi 11.0.1017

  • Progea Movicon Powerhmi 11.2.1085


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-01.pdf

XF - movicon-contentlength-bo(69787)

OSVDB - 75494

MISC - http://aluigi.altervista.org/adv/movicon_1-adv.txt


Last Updated: 27 May 2016 10:57:42