Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3499

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2011-3499
Last Modified 22 Sep 2011 12:00:00
Published 16 Sep 2011 01:26:14
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-3499

Summary

Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an EIDP packet with a large size field, which writes a zero byte to an arbitrary memory location.

Vulnerable Systems

Application

  • Progea Movicon Powerhmi 11

  • Progea Movicon Powerhmi 11.0.1017

  • Progea Movicon Powerhmi 11.2.1085


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-01.pdf

XF - movicon-eidp-dos(69789)

MISC - http://aluigi.altervista.org/adv/movicon_3-adv.txt


Last Updated: 27 May 2016 10:57:43