Progea Movicon vulnerabilities
5 known vulnerabilities affecting progea/movicon.
Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2011-2963P2CRITICALCVSS 10.0PoCv11.22011-07-29
CVE-2011-2963 [CRITICAL] CWE-287 CVE-2011-2963: TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for cri
TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service (crash) via a crafted packet to TCP port 10651.
nvd
CVE-2017-14017P3HIGHCVSS 7.8≤ 11.5.11812017-10-19
CVE-2017-14017 [HIGH] CWE-427 CVE-2017-14017: An Uncontrolled Search Path Element issue was discovered in Progea Movicon Version 11.5.1181 and pri
An Uncontrolled Search Path Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An uncontrolled search path element vulnerability has been identified, which may allow a remote attacker without privileges to execute arbitrary code in the form of a malicious DLL file.
nvd
CVE-2012-1804P4HIGHCVSS 7.8≤ 11.22012-05-14
CVE-2012-1804 [HIGH] CWE-119 CVE-2012-1804: The OPC server in Progea Movicon before 11.3 allows remote attackers to cause a denial of service (o
The OPC server in Progea Movicon before 11.3 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted HTTP request.
nvd
CVE-2017-14019P4MEDIUMCVSS 6.7v11.5.11812017-10-19
CVE-2017-14019 [MEDIUM] CWE-428 CVE-2017-14019: An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prio
An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An unquoted search path or element vulnerability has been identified, which may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate his or her privileges.
nvd
CVE-2014-0778P4MEDIUMCVSS 5.0v11.4≥ 11.4, < Build 11502014-04-19
CVE-2014-0778 [MEDIUM] CWE-200 CVE-2014-0778: TCPUploader module listens on Port 10651/TCP for incoming connections. Exploitation of this vulnera
TCPUploader module listens on Port 10651/TCP for incoming connections.
Exploitation of this vulnerability could allow a remote unauthenticated
user access to release OS version information. While this is a minor
vulnerability, it represents a method for further network
reconnaissance.
nvd