Vulnerability Description
TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service (crash) via a crafted packet to TCP port 10651.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Progea | Movicon | 11.2 |
Related Weaknesses (CWE)
References
- http://www.exploit-db.com/exploits/17034Exploit
- http://www.osvdb.org/72888
- http://www.securityfocus.com/bid/46907Exploit
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-056-01.pdfPatchUS Government Resource
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-056-01A.pdfPatchUS Government Resource
- http://www.exploit-db.com/exploits/17034Exploit
- http://www.osvdb.org/72888
- http://www.securityfocus.com/bid/46907Exploit
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-056-01.pdfPatchUS Government Resource
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-056-01A.pdfPatchUS Government Resource
FAQ
What is CVE-2011-2963?
CVE-2011-2963 is a vulnerability with a CVSS score of 10.0 (HIGH). TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execut...
How severe is CVE-2011-2963?
CVE-2011-2963 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-2963?
Check the references section above for vendor advisories and patch information. Affected products include: Progea Movicon.