cbcvebase.
CVE-2011-2963
published 2011-07-29

CVE-2011-2963: TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain…

PriorityP260critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
7.63%
93.8th percentile
TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service (crash) via a crafted packet to TCP port 10651.

Affected

1 ranges
VendorProductVersion rangeFixed in
progeamovicon

Detection & IOCsextracted from sources · hover to see the quote

  • ·The exploit sends each crafted packet twice over the same TCP connection; detection rules should account for duplicate packet transmission rather than expecting a single send.
  • ·Function codes 8, 9, A, and V are noted as additional valid function codes beyond the 1–7 range tested in the PoC; detection coverage should not be limited to only function bytes 1–7.
  • ·The vulnerability affects Progea Movicon 11.2 builds prior to Build 1084 only; patched systems running Build 1084 or later are not affected.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.